| Category | Started On | Completed On | Duration | Detector Version |
|---|---|---|---|---|
| FILE | 2017-05-22 13:07:51 | 2017-05-22 13:13:21 | 330 seconds | 1.0-dev |

| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| detect1 | winxpsp3_cn | VirtualBox | 2017-05-22 13:07:53 | 2017-05-22 13:13:21 |

| VirusTotal | File not found on VirusTotal |
|---|---|

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .textbss | 0x00001000 | 0x000464f0 | 0x00000000 | 0.0 |
| .text | 0x00048000 | 0x00094178 | 0x00094200 | 5.54002187966 |
| .rdata | 0x000dd000 | 0x00023183 | 0x00023200 | 3.4686940429 |
| .data | 0x00101000 | 0x00002470 | 0x00000e00 | 1.97003278384 |
| .idata | 0x00104000 | 0x00000c20 | 0x00000e00 | 4.27335036622 |
| .gfids | 0x00105000 | 0x00000416 | 0x00000600 | 1.46194200158 |
| .00cfg | 0x00106000 | 0x00000104 | 0x00000200 | 0.0611628522412 |
| .rsrc | 0x00107000 | 0x00000506 | 0x00000600 | 2.8500356765 |
| .reloc | 0x00108000 | 0x000054e6 | 0x00005600 | 6.09444159439 |

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_MANIFEST | 0x00107170 | 0x00000224 | LANG_ENGLISH | SUBLANG_ENGLISH_US | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |

| Timestamp | Thread | Function | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|---|
| 2017-05-22 13:07:52.231684 | GetSystemTimeAsFileTime | SUCCESS | ||||
| 2017-05-22 13:07:52.231684 | LdrLoadDll |
basename => api-ms-win-core-synch-l1-2-0 module_address => 0x00000000 flags => 0 module_name => api-ms-win-core-synch-l1-2-0 |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | LdrGetProcedureAddress |
ordinal => 0 module => kernel32 module_address => 0x7c800000 function_address => 0x004dedc4 function_name => InitializeCriticalSectionEx |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrLoadDll |
basename => api-ms-win-core-fibers-l1-1-1 module_address => 0x00000000 flags => 0 module_name => api-ms-win-core-fibers-l1-1-1 |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrGetProcedureAddress |
ordinal => 0 module => kernel32 module_address => 0x7c800000 function_address => 0x004ded5c function_name => FlsAlloc |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrGetProcedureAddress |
ordinal => 0 module => kernel32 module_address => 0x7c800000 function_address => 0x004deda8 function_name => FlsSetValue |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrLoadDll |
basename => api-ms-win-core-synch-l1-2-0 module_address => 0x00000000 flags => 0 module_name => api-ms-win-core-synch-l1-2-0 |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | LdrGetProcedureAddress |
ordinal => 0 module => kernel32 module_address => 0x7c800000 function_address => 0x004dedc4 function_name => InitializeCriticalSectionEx |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrLoadDll |
basename => api-ms-win-core-fibers-l1-1-1 module_address => 0x00000000 flags => 0 module_name => api-ms-win-core-fibers-l1-1-1 |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrGetProcedureAddress |
ordinal => 0 module => kernel32 module_address => 0x7c800000 function_address => 0x004ded5c function_name => FlsAlloc |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrGetProcedureAddress |
ordinal => 0 module => kernel32 module_address => 0x7c800000 function_address => 0x004ded8c function_name => FlsGetValue |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrGetProcedureAddress |
ordinal => 0 module => kernel32 module_address => 0x7c800000 function_address => 0x004deda8 function_name => FlsSetValue |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | GetFileType |
file_handle => 0x00000003 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | GetFileType |
file_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | GetFileType |
file_handle => 0x0000000b |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | LdrLoadDll |
basename => api-ms-win-core-localization-l1-2-1 module_address => 0x00000000 flags => 0 module_name => api-ms-win-core-localization-l1-2-1 |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrGetProcedureAddress |
ordinal => 0 module => kernel32 module_address => 0x7c800000 function_address => 0x004f1e64 function_name => LCMapStringEx |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | LdrGetProcedureAddress |
ordinal => 0 module => kernel32 module_address => 0x7c800000 function_address => 0x004f1ea0 function_name => LocaleNameToLCID |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 4096 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00185000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | SetUnhandledExceptionFilter | SUCCESS | ||||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00186000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | FindFirstFileExW |
filepath_r => C:\*.* filepath => C:\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00188000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtQueryDirectoryFile |
file_handle => 0x00000040 information_class => 3 dirpath => C:\ |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0018a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0018c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0018e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00190000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00192000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00196000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00198000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtQueryDirectoryFile |
file_handle => 0x00000040 information_class => 3 dirpath => C:\ |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0019a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\AUTOEXEC.BAT
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\boot.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\bootfont.bin
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\CONFIG.SYS
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\IO.SYS
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\MSDOS.SYS
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\NTDETECT.COM
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\ntldr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\pagefile.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\Program Files
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\System Volume Information
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | FindFirstFileExW |
filepath_r => C:\Documents and Settings\*.* filepath => C:\Documents and Settings\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtQueryDirectoryFile |
file_handle => 0x00000044 information_class => 3 dirpath => C:\Documents and Settings |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtQueryDirectoryFile |
file_handle => 0x00000044 information_class => 3 dirpath => C:\Documents and Settings |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\Documents and Settings\Default User
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\Documents and Settings\LocalService
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\Documents and Settings\NetworkService
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | FindFirstFileExW |
filepath_r => C:\Python27\*.* filepath => C:\Python27\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtQueryDirectoryFile |
file_handle => 0x00000048 information_class => 3 dirpath => C:\Python27 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0019c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0019e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001a0000 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | NtQueryDirectoryFile |
file_handle => 0x00000048 information_class => 3 dirpath => C:\Python27 |
FAILURE | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\Python27\LICENSE.txt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\Python27\NEWS.txt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\Python27\python.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\Python27\pythonw.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\Python27\README.txt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.231684 | WriteConsoleA |
buffer => C:\Python27\w9xpopen.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | FindFirstFileExW |
filepath_r => C:\Python34\*.* filepath => C:\Python34\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtQueryDirectoryFile |
file_handle => 0x0000004c information_class => 3 dirpath => C:\Python34 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001a2000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001a4000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001a6000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001a8000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtQueryDirectoryFile |
file_handle => 0x0000004c information_class => 3 dirpath => C:\Python34 |
FAILURE | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\Python34\LICENSE.txt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\Python34\NEWS.txt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\Python34\python.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\Python34\pythonw.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\Python34\README.txt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\*.* filepath => C:\WINDOWS\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtQueryDirectoryFile |
file_handle => 0x00000050 information_class => 3 dirpath => C:\WINDOWS |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001aa000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ac000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ae000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001b0000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001b2000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001b4000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001b6000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001b8000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ba000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001bc000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001be000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001c0000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001c2000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001c4000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001c6000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001c8000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtQueryDirectoryFile |
file_handle => 0x00000050 information_class => 3 dirpath => C:\WINDOWS |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001c9000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001cb000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001cd000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001cf000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d1000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d3000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d7000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d9000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001db000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001dd000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001df000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001e1000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001e3000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001e5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001e7000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001e9000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtQueryDirectoryFile |
file_handle => 0x00000050 information_class => 3 dirpath => C:\WINDOWS |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001eb000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ed000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ef000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001f1000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001f3000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001f5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001f7000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001f9000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001fb000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001fd000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ff000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00201000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00203000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00205000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00207000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00209000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtQueryDirectoryFile |
file_handle => 0x00000050 information_class => 3 dirpath => C:\WINDOWS |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00211000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00213000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00215000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00217000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00219000 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | NtQueryDirectoryFile |
file_handle => 0x00000050 information_class => 3 dirpath => C:\WINDOWS |
FAILURE | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\WINDOWS\0.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\WINDOWS\Blue Lace 16.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\WINDOWS\bootstat.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\WINDOWS\clock.avi
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\WINDOWS\cmsetacl.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\WINDOWS\Coffee Bean.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\WINDOWS\comsetup.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\WINDOWS\control.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\WINDOWS\desktop.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\WINDOWS\Downloaded Program Files
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.241684 | WriteConsoleA |
buffer => C:\WINDOWS\DtcInstall.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\explorer.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\explorer.scf
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\FaxSetup.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\FeatherTexture.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001b9000 size => 16384 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\Fonts
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\Gone Fishing.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\Greenstone.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\hh.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\iis6.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001c2000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\imsins.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\inf
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001c5000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\Installer
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001c6000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\MedCtrOC.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\msdfmap.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\msgsocm.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001ce000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\msmqinst.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001cf000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\netfxocm.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\NOTEPAD.EXE
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\ntdtcsetup.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d4000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\ocgen.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d5000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\ocmsn.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d6000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\ODBCINST.INI
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d7000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.251684 | WriteConsoleA |
buffer => C:\WINDOWS\OEWABLog.txt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d8000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\Offline Web Pages
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d9000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\Prairie Wind.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\Prefetch
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001dd000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\py.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\pyw.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001e0000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\regedit.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtAllocateVirtualMemory |
region_size => 65536 protection => 4 process_handle => 0xffffffff allocation_type => 8192 base_address => 0x00af0000 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtAllocateVirtualMemory |
region_size => 4096 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00af0000 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001e1000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\REGLOCS.OLD
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\regopt.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001e4000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\Rhododendron.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\River Sumida.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001e8000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\Santa Fe Stucco.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001e9000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\SchedLgU.Txt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001ea000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\sessmgr.setup.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\SET3.tmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001ed000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\SET4.tmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001ee000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\SET8.tmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001ef000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\setupact.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001f0000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\setupapi.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001f1000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\setuperr.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001f2000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\setuplog.txt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001f3000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\Soap Bubbles.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001f4000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\Sti_Trace.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\system.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.261684 | WriteConsoleA |
buffer => C:\WINDOWS\tabletoc.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\TASKMAN.EXE
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001fc000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\Tasks
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001fd000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\tsoc.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\twain.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00200000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\twain_32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | NtAllocateVirtualMemory |
region_size => 4096 protection => 4 process_handle => 0xffffffff allocation_type => 12288 base_address => 0x00b00000 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\twunk_16.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001aa000 size => 16384 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\twunk_32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\vb.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\vbaddin.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\vmmreg32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\Web
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\wiadebug.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\wiaservc.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\win.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\WindowsShell.Manifest
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\WindowsUpdate.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\winhelp.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\winhlp32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.271684 | WriteConsoleA |
buffer => C:\WINDOWS\winnt.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\WINDOWS\winnt256.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\WINDOWS\wmprfCHS.prx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\WINDOWS\wmsetup.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\WINDOWS\WMSysPr9.prx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\WINDOWS\Zapotec.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\WINDOWS\_default.pif
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | FindFirstFileExW |
filepath_r => C:\wtkaxe\*.* filepath => C:\wtkaxe\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtQueryDirectoryFile |
file_handle => 0x00000054 information_class => 3 dirpath => C:\wtkaxe |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtQueryDirectoryFile |
file_handle => 0x00000054 information_class => 3 dirpath => C:\wtkaxe |
FAILURE | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\wtkaxe\analysis.conf
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\wtkaxe\analyzer.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | FindFirstFileExW |
filepath_r => C:\Documents and Settings\All Users\*.* filepath => C:\Documents and Settings\All Users\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtQueryDirectoryFile |
file_handle => 0x00000058 information_class => 3 dirpath => C:\Documents and Settings\All Users |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtQueryDirectoryFile |
file_handle => 0x00000058 information_class => 3 dirpath => C:\Documents and Settings\All Users |
FAILURE | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\All Users\Application Data
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\All Users\Documents
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\All Users\DRM
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\All Users\Templates
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Setting
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | FindFirstFileExW |
filepath_r => C:\Documents and Settings\will\*.* filepath => C:\Documents and Settings\will\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtQueryDirectoryFile |
file_handle => 0x0000005c information_class => 3 dirpath => C:\Documents and Settings\will |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00203000 size => 65536 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001aa000 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00215000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ac000 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001b9000 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001bb000 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001c5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | NtQueryDirectoryFile |
file_handle => 0x0000005c information_class => 3 dirpath => C:\Documents and Settings\will |
FAILURE | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\Application Data
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\Cookies
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\Favorites
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\Local Settings
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\My Documents
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\NetHood
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\NTUSER.DAT
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\NTUSER.DAT.LOG
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.281684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\ntuser.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\PrintHood
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\Recent
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\SendTo
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Documents and Settings\will\Templates
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Documents and Se
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | FindFirstFileExW |
filepath_r => C:\Python27\DLLs\*.* filepath => C:\Python27\DLLs\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | NtQueryDirectoryFile |
file_handle => 0x00000060 information_class => 3 dirpath => C:\Python27\DLLs |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00215000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ce000 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001aa000 size => 16384 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001aa000 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ac000 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d4000 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d6000 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d8000 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | NtQueryDirectoryFile |
file_handle => 0x00000060 information_class => 3 dirpath => C:\Python27\DLLs |
FAILURE | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\bz2.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\py.ico
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\pyc.ico
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\pyexpat.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\select.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\sqlite3.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\tcl85.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\tclpip85.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\tk85.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\unicodedata.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\winsound.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_bsddb.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_ctypes.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_ctypes_test.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_elementtree.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_hashlib.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_msi.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_multiprocessing.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_socket.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_sqlite3.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_ssl.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_testcapi.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | WriteConsoleA |
buffer => C:\Python27\DLLs\_tkinter.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.291684 | FindFirstFileExW |
filepath_r => C:\Python27\Doc\*.* filepath => C:\Python27\Doc\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.301684 | NtQueryDirectoryFile |
file_handle => 0x00000064 information_class => 3 dirpath => C:\Python27\Doc |
SUCCESS | |||
| 2017-05-22 13:07:52.301684 | NtQueryDirectoryFile |
file_handle => 0x00000064 information_class => 3 dirpath => C:\Python27\Doc |
FAILURE | |||
| 2017-05-22 13:07:52.301684 | WriteConsoleA |
buffer => C:\Python27\Doc\python2713.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.321684 | FindFirstFileExW |
filepath_r => C:\Python27\include\*.* filepath => C:\Python27\include\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtQueryDirectoryFile |
file_handle => 0x00000068 information_class => 3 dirpath => C:\Python27\include |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00215000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001e0000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d4000 size => 24576 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d4000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001aa000 size => 16384 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001aa000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ac000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d6000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d8000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001e8000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ed000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ef000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtQueryDirectoryFile |
file_handle => 0x00000068 information_class => 3 dirpath => C:\Python27\include |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00215000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001f1000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001f3000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001fc000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00203000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00205000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00207000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00209000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00211000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00215000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00217000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00219000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0021b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0021d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0021f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtQueryDirectoryFile |
file_handle => 0x00000068 information_class => 3 dirpath => C:\Python27\include |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00220000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00220000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00222000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00224000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00226000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00228000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0022a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0022c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0022e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00230000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00232000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00234000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00236000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00238000 |
SUCCESS | |||
| 2017-05-22 13:07:52.331684 | NtQueryDirectoryFile |
file_handle => 0x00000068 information_class => 3 dirpath => C:\Python27\include |
FAILURE | |||
| 2017-05-22 13:07:52.331684 | WriteConsoleA |
buffer => C:\Python27\include\abstract.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\asdl.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\ast.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\bitset.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\boolobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\bufferobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\bytearrayobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\bytesobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\bytes_methods.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\cellobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\ceval.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\classobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\cobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\code.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\codecs.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\compile.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\complexobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\cStringIO.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\datetime.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\descrobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\dictobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\dtoa.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\enumobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\errcode.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\eval.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\fileobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\floatobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\frameobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\funcobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\genobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\graminit.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\grammar.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\import.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\intobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\intrcheck.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\iterobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\listobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\longintrepr.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\longobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.341684 | WriteConsoleA |
buffer => C:\Python27\include\marshal.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\memoryobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\metagrammar.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\methodobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\modsupport.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\moduleobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\node.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\object.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\objimpl.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\opcode.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\osdefs.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\parsetok.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\patchlevel.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pgen.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pgenheaders.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pyarena.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pycapsule.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pyconfig.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pyctype.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pydebug.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pyerrors.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pyexpat.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pyfpe.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pygetopt.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pymacconfig.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pymactoolbox.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pymath.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pymem.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pyport.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pystate.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pystrcmp.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pystrtod.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\Python-ast.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\Python.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pythonrun.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\pythread.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\py_curses.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\rangeobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\setobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.351684 | WriteConsoleA |
buffer => C:\Python27\include\sliceobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\stringobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\structmember.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\structseq.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\symtable.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\sysmodule.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\timefuncs.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\token.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\traceback.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\tupleobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\ucnhash.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\unicodeobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\warnings.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | WriteConsoleA |
buffer => C:\Python27\include\weakrefobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | FindFirstFileExW |
filepath_r => C:\Python27\Lib\*.* filepath => C:\Python27\Lib\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtQueryDirectoryFile |
file_handle => 0x0000006c information_class => 3 dirpath => C:\Python27\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00215000 size => 221184 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00215000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00203000 size => 65536 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00203000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001ed000 size => 32768 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ed000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d4000 size => 24576 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d4000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001aa000 size => 16384 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001aa000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ac000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d6000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtQueryDirectoryFile |
file_handle => 0x0000006c information_class => 3 dirpath => C:\Python27\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00217000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d8000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001ef000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001f1000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001f3000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00205000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00207000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00209000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00211000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00217000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00219000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0021b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0021d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0021f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00221000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtQueryDirectoryFile |
file_handle => 0x0000006c information_class => 3 dirpath => C:\Python27\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00222000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00222000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00224000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00226000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00228000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0022a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0022c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0022e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00230000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00232000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00234000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00236000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00238000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00240000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00242000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtQueryDirectoryFile |
file_handle => 0x0000006c information_class => 3 dirpath => C:\Python27\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00244000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00244000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00246000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00248000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0024a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0024c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0024e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00250000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00252000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00254000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00256000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00258000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0025a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0025c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0025e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00260000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00262000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00264000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtQueryDirectoryFile |
file_handle => 0x0000006c information_class => 3 dirpath => C:\Python27\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00266000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00266000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00268000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0026a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0026c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0026e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00270000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00272000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00274000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00276000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00278000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0027a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0027c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0027e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 1048576 protection => 4 process_handle => 0xffffffff allocation_type => 8192 base_address => 0x00b10000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b10000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b13000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b15000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b17000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b19000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtQueryDirectoryFile |
file_handle => 0x0000006c information_class => 3 dirpath => C:\Python27\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b1a000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b1a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b1c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b1e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b20000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b22000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b24000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b26000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b28000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b2a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b2c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b2e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.361684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b30000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b32000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b34000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b36000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b38000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b3a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b3c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtQueryDirectoryFile |
file_handle => 0x0000006c information_class => 3 dirpath => C:\Python27\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b3d000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b3d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b3f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b41000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b43000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b45000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b47000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b49000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b51000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b53000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b55000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b57000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b59000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b5b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b5d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtQueryDirectoryFile |
file_handle => 0x0000006c information_class => 3 dirpath => C:\Python27\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b5f000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b5f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b61000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b63000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b65000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b67000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b69000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b6b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b6d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b6f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b71000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b73000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b75000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b77000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b79000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b7b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b7d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b7f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b81000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtQueryDirectoryFile |
file_handle => 0x0000006c information_class => 3 dirpath => C:\Python27\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b82000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b82000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b84000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b86000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b88000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b8a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b8c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b8e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b90000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b92000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b94000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b96000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b98000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b9a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b9c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b9e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba0000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba2000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba4000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtQueryDirectoryFile |
file_handle => 0x0000006c information_class => 3 dirpath => C:\Python27\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ba5000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba7000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba9000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bab000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bad000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00baf000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb1000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb3000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb7000 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | NtQueryDirectoryFile |
file_handle => 0x0000006c information_class => 3 dirpath => C:\Python27\Lib |
FAILURE | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\abc.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\abc.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\aifc.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\antigravity.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\anydbm.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\argparse.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\argparse.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\ast.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\asynchat.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\asyncore.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\atexit.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\atexit.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\audiodev.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\base64.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\base64.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\BaseHTTPServer.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.371684 | WriteConsoleA |
buffer => C:\Python27\Lib\BaseHTTPServer.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\Bastion.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\bdb.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\binhex.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\bisect.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\bisect.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\calendar.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\calendar.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\cgi.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\cgi.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\CGIHTTPServer.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\cgitb.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\chunk.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\cmd.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\code.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\codecs.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\codecs.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\codeop.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\collections.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\collections.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\colorsys.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\commands.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\compileall.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\compileall.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\ConfigParser.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\ConfigParser.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\contextlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\contextlib.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\Cookie.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\Cookie.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\cookielib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\cookielib.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\copy.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.381684 | WriteConsoleA |
buffer => C:\Python27\Lib\copy.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\copy_reg.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\copy_reg.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\cProfile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\csv.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\csv.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\dbhash.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\decimal.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\difflib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\dircache.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\dis.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\dis.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\doctest.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\DocXMLRPCServer.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\dumbdbm.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\dummy_thread.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\dummy_threading.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\filecmp.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\fileinput.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\fnmatch.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\fnmatch.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\formatter.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\fpformat.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\fractions.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\ftplib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\functools.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\functools.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\genericpath.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\genericpath.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\getopt.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\getopt.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\getpass.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\getpass.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\gettext.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\gettext.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\glob.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\glob.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\gzip.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\gzip.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\hashlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\hashlib.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\heapq.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\heapq.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\hmac.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\hmac.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\htmlentitydefs.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\htmlentitydefs.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\htmllib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\HTMLParser.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\HTMLParser.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\httplib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\httplib.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\ihooks.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\imaplib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\imghdr.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\imputil.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\inspect.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\inspect.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\io.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.391684 | WriteConsoleA |
buffer => C:\Python27\Lib\io.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\keyword.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\keyword.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\linecache.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\linecache.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\locale.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\locale.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\macpath.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\macurl2path.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\mailbox.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\mailcap.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\markupbase.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\markupbase.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\md5.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\mhlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\mimetools.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\mimetools.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\mimetypes.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\mimetypes.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\MimeWriter.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\mimify.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\modulefinder.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\multifile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\mutex.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\netrc.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\new.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\nntplib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\ntpath.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\ntpath.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\nturl2path.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\nturl2path.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\numbers.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\opcode.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\opcode.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\optparse.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\optparse.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\os.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\os.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\os2emxpath.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\pdb.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\pickle.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\pickletools.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\pipes.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\pkgutil.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\pkgutil.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\platform.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\platform.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\plistlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.401684 | WriteConsoleA |
buffer => C:\Python27\Lib\plistlib.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\popen2.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\poplib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\posixfile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\posixpath.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\posixpath.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\pprint.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\pprint.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\profile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\pstats.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\pty.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\pyclbr.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\pydoc.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\py_compile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\py_compile.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00228000 size => 110592 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\Queue.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\Queue.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\quopri.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\quopri.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\random.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\random.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\re.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\re.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\repr.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\rexec.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\rfc822.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\rfc822.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\rlcompleter.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\robotparser.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\runpy.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\runpy.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sched.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sets.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sgmllib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sha.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\shelve.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\shlex.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\shlex.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\shutil.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\shutil.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\SimpleHTTPServer.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\SimpleXMLRPCServer.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\SimpleXMLRPCServer.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\site.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\site.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\smtpd.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\smtplib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sndhdr.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\socket.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\socket.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\SocketServer.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\SocketServer.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sre.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sre_compile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b2b000 size => 118784 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sre_compile.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sre_constants.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sre_constants.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sre_parse.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sre_parse.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\ssl.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\ssl.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\stat.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\stat.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\statvfs.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\string.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\string.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\StringIO.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\StringIO.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\stringold.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\stringprep.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\struct.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\struct.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\subprocess.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\subprocess.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sunau.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.411684 | WriteConsoleA |
buffer => C:\Python27\Lib\sunaudio.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\symbol.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\symtable.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\sysconfig.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\sysconfig.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\tabnanny.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\tarfile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\tarfile.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\telnetlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\tempfile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\tempfile.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\textwrap.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\textwrap.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\this.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\threading.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\threading.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\timeit.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\toaiff.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\token.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\token.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\tokenize.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\tokenize.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\trace.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\traceback.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\traceback.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\tty.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\types.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\types.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\urllib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\urllib.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b54000 size => 139264 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\urllib2.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\urllib2.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\urlparse.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\urlparse.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\user.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\UserDict.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\UserDict.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\UserList.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\UserString.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\uu.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\uu.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\uuid.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\uuid.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\warnings.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\warnings.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\wave.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\weakref.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\weakref.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\webbrowser.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\whichdb.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\xdrlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\xmllib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\xmlrpclib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\xmlrpclib.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\zipfile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\zipfile.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_abcoll.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_abcoll.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_LWPCookieJar.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_LWPCookieJar.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_MozillaCookieJar.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_MozillaCookieJar.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_osx_support.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_pyio.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_strptime.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_strptime.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_threading_local.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_weakrefset.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\_weakrefset.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\__future__.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\__future__.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | WriteConsoleA |
buffer => C:\Python27\Lib\__phello__.foo.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | FindFirstFileExW |
filepath_r => C:\Python27\libs\*.* filepath => C:\Python27\libs\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.421684 | NtQueryDirectoryFile |
file_handle => 0x00000070 information_class => 3 dirpath => C:\Python27\libs |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | NtQueryDirectoryFile |
file_handle => 0x00000070 information_class => 3 dirpath => C:\Python27\libs |
FAILURE | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\bz2.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\libpython27.a
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\pyexpat.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\python27.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\select.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\unicodedata.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\winsound.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_bsddb.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_ctypes.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_ctypes_test.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_elementtree.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_hashlib.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_msi.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_multiprocessing.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_socket.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_sqlite3.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_ssl.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_testcapi.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\libs\_tkinter.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | FindFirstFileExW |
filepath_r => C:\Python27\Scripts\*.* filepath => C:\Python27\Scripts\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | NtQueryDirectoryFile |
file_handle => 0x00000074 information_class => 3 dirpath => C:\Python27\Scripts |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | NtQueryDirectoryFile |
file_handle => 0x00000074 information_class => 3 dirpath => C:\Python27\Scripts |
FAILURE | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\Scripts\easy_install-2.7.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\Scripts\easy_install.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\Scripts\pip.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\Scripts\pip2.7.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\Scripts\pip2.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | FindFirstFileExW |
filepath_r => C:\Python27\tcl\*.* filepath => C:\Python27\tcl\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | NtQueryDirectoryFile |
file_handle => 0x00000078 information_class => 3 dirpath => C:\Python27\tcl |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | NtQueryDirectoryFile |
file_handle => 0x00000078 information_class => 3 dirpath => C:\Python27\tcl |
FAILURE | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\tcl\tcl85.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\tcl\tclConfig.sh
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\tcl\tclstub85.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\tcl\tk85.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.431684 | WriteConsoleA |
buffer => C:\Python27\tcl\tkstub85.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.451684 | FindFirstFileExW |
filepath_r => C:\Python27\Tools\*.* filepath => C:\Python27\Tools\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.451684 | NtQueryDirectoryFile |
file_handle => 0x0000007c information_class => 3 dirpath => C:\Python27\Tools |
SUCCESS | |||
| 2017-05-22 13:07:52.451684 | NtQueryDirectoryFile |
file_handle => 0x0000007c information_class => 3 dirpath => C:\Python27\Tools |
FAILURE | |||
| 2017-05-22 13:07:52.461684 | FindFirstFileExW |
filepath_r => C:\Python34\DLLs\*.* filepath => C:\Python34\DLLs\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | NtQueryDirectoryFile |
file_handle => 0x00000080 information_class => 3 dirpath => C:\Python34\DLLs |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ba3000 size => 159744 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00228000 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b11000 size => 98304 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0022a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b8a000 size => 86016 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0022c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b78000 size => 65536 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0022e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | NtQueryDirectoryFile |
file_handle => 0x00000080 information_class => 3 dirpath => C:\Python34\DLLs |
FAILURE | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\py.ico
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\pyc.ico
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\pyexpat.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\python3.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\select.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\sqlite3.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\tcl86t.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\tk86t.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\unicodedata.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\winsound.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_bz2.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_ctypes.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_ctypes_test.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_decimal.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_elementtree.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_hashlib.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_lzma.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_msi.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_multiprocessing.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_overlapped.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_socket.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_sqlite3.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_ssl.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_testbuffer.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_testcapi.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_testimportmultiple.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | WriteConsoleA |
buffer => C:\Python34\DLLs\_tkinter.pyd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.461684 | FindFirstFileExW |
filepath_r => C:\Python34\Doc\*.* filepath => C:\Python34\Doc\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.471684 | NtQueryDirectoryFile |
file_handle => 0x00000084 information_class => 3 dirpath => C:\Python34\Doc |
SUCCESS | |||
| 2017-05-22 13:07:52.471684 | NtQueryDirectoryFile |
file_handle => 0x00000084 information_class => 3 dirpath => C:\Python34\Doc |
FAILURE | |||
| 2017-05-22 13:07:52.471684 | WriteConsoleA |
buffer => C:\Python34\Doc\python340.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.481684 | FindFirstFileExW |
filepath_r => C:\Python34\include\*.* filepath => C:\Python34\include\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.491684 | NtQueryDirectoryFile |
file_handle => 0x00000088 information_class => 3 dirpath => C:\Python34\include |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | NtQueryDirectoryFile |
file_handle => 0x00000088 information_class => 3 dirpath => C:\Python34\include |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | NtQueryDirectoryFile |
file_handle => 0x00000088 information_class => 3 dirpath => C:\Python34\include |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | NtQueryDirectoryFile |
file_handle => 0x00000088 information_class => 3 dirpath => C:\Python34\include |
FAILURE | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\abstract.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\accu.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\asdl.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\ast.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\bitset.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\bltinmodule.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\boolobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\bytearrayobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\bytesobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\bytes_methods.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\cellobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\ceval.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\classobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\code.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\codecs.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\compile.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\complexobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\datetime.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\descrobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\dictobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\dtoa.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\dynamic_annotations.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\enumobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\errcode.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\eval.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\fileobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\fileutils.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\floatobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\frameobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\funcobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\genobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\graminit.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\grammar.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\import.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\intrcheck.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\iterobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\listobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\longintrepr.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\longobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\marshal.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\memoryobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\metagrammar.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\methodobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\modsupport.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\moduleobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\namespaceobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\node.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\object.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\objimpl.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\opcode.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\osdefs.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\parsetok.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.511684 | WriteConsoleA |
buffer => C:\Python34\include\patchlevel.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pgen.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pgenheaders.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pyarena.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pyatomic.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pycapsule.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pyconfig.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pyctype.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pydebug.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pyerrors.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pyexpat.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pyfpe.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pygetopt.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pyhash.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pymacconfig.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pymacro.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pymath.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pymem.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pyport.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pystate.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pystrcmp.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pystrtod.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\Python-ast.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\Python.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pythonrun.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pythread.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\pytime.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\py_curses.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\rangeobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\setobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\sliceobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\structmember.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\structseq.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\symtable.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\sysmodule.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\token.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\traceback.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\tupleobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\typeslots.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\ucnhash.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\unicodeobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\warnings.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.521684 | WriteConsoleA |
buffer => C:\Python34\include\weakrefobject.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.531684 | FindFirstFileExW |
filepath_r => C:\Python34\Lib\*.* filepath => C:\Python34\Lib\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.541684 | NtQueryDirectoryFile |
file_handle => 0x0000008c information_class => 3 dirpath => C:\Python34\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.551684 | NtQueryDirectoryFile |
file_handle => 0x0000008c information_class => 3 dirpath => C:\Python34\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.561684 | NtQueryDirectoryFile |
file_handle => 0x0000008c information_class => 3 dirpath => C:\Python34\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.571684 | NtQueryDirectoryFile |
file_handle => 0x0000008c information_class => 3 dirpath => C:\Python34\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtQueryDirectoryFile |
file_handle => 0x0000008c information_class => 3 dirpath => C:\Python34\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b2b000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b1f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b21000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b23000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b25000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b27000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b2b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b2d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b2f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b31000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b33000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b35000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b37000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b39000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b3b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b3d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b3f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b41000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtQueryDirectoryFile |
file_handle => 0x0000008c information_class => 3 dirpath => C:\Python34\Lib |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b54000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b43000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b45000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b50000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b54000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b56000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b58000 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | NtQueryDirectoryFile |
file_handle => 0x0000008c information_class => 3 dirpath => C:\Python34\Lib |
FAILURE | |||
| 2017-05-22 13:07:52.581684 | WriteConsoleA |
buffer => C:\Python34\Lib\abc.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | WriteConsoleA |
buffer => C:\Python34\Lib\aifc.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | WriteConsoleA |
buffer => C:\Python34\Lib\antigravity.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | WriteConsoleA |
buffer => C:\Python34\Lib\argparse.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | WriteConsoleA |
buffer => C:\Python34\Lib\ast.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | WriteConsoleA |
buffer => C:\Python34\Lib\asynchat.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | WriteConsoleA |
buffer => C:\Python34\Lib\asyncore.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | WriteConsoleA |
buffer => C:\Python34\Lib\base64.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | WriteConsoleA |
buffer => C:\Python34\Lib\bdb.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.581684 | WriteConsoleA |
buffer => C:\Python34\Lib\binhex.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\bisect.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\bz2.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\calendar.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\cgi.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\cgitb.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\chunk.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\cmd.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\code.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\codecs.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\codeop.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\colorsys.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\compileall.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\configparser.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\contextlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\copy.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\copyreg.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\cProfile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\crypt.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\csv.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\datetime.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\decimal.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\difflib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\dis.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\doctest.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\dummy_threading.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\enum.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\filecmp.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\fileinput.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\fnmatch.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.591684 | WriteConsoleA |
buffer => C:\Python34\Lib\formatter.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\fractions.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\ftplib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\functools.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\genericpath.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\getopt.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\getpass.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\gettext.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\glob.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\gzip.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\hashlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\heapq.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\hmac.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\imaplib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\imghdr.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\imp.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\inspect.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\io.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\ipaddress.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\keyword.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\linecache.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\locale.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\lzma.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\macpath.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\macurl2path.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\mailbox.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\mailcap.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\mimetypes.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\modulefinder.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.601684 | WriteConsoleA |
buffer => C:\Python34\Lib\netrc.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\nntplib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\ntpath.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\nturl2path.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\numbers.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\opcode.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\operator.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\optparse.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\os.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\pathlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\pdb.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\pickle.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\pickletools.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\pipes.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\pkgutil.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\platform.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\plistlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\poplib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\posixpath.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\pprint.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\profile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\pstats.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\pty.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\pyclbr.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\pydoc.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\py_compile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\queue.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\quopri.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\random.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\re.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\reprlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\rlcompleter.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\runpy.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\sched.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\selectors.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\shelve.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\shlex.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\shutil.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\site.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\smtpd.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\smtplib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\sndhdr.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\socket.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.611684 | WriteConsoleA |
buffer => C:\Python34\Lib\socketserver.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\sre_compile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\sre_constants.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\sre_parse.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\ssl.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\stat.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\statistics.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\string.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\stringprep.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\struct.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\subprocess.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\sunau.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\symbol.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\symtable.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\sysconfig.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\tabnanny.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\tarfile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\telnetlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\tempfile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\textwrap.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\this.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b19000 size => 65536 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\threading.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\timeit.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\token.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\tokenize.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\trace.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\traceback.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\tracemalloc.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\tty.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\turtle.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\types.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\uu.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\uuid.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00260000 size => 57344 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\warnings.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\wave.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\weakref.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\webbrowser.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\xdrlib.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\zipfile.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\_bootlocale.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\_collections_abc.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00273000 size => 53248 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\_compat_pickle.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\_dummy_thread.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\_markupbase.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\_osx_support.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\_pyio.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\_sitebuiltins.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\_strptime.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\_threading_local.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\_weakrefset.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.621684 | WriteConsoleA |
buffer => C:\Python34\Lib\__future__.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.631684 | WriteConsoleA |
buffer => C:\Python34\Lib\__phello__.foo.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | FindFirstFileExW |
filepath_r => C:\Python34\libs\*.* filepath => C:\Python34\libs\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | NtQueryDirectoryFile |
file_handle => 0x00000090 information_class => 3 dirpath => C:\Python34\libs |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | NtQueryDirectoryFile |
file_handle => 0x00000090 information_class => 3 dirpath => C:\Python34\libs |
FAILURE | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\libpython34.a
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\pyexpat.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\python3.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\python34.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\select.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\unicodedata.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\winsound.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_bz2.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_ctypes.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_ctypes_test.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_decimal.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_elementtree.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_hashlib.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_lzma.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_msi.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_multiprocessing.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_overlapped.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_socket.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_sqlite3.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_ssl.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_testbuffer.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_testcapi.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_testimportmultiple.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\libs\_tkinter.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | FindFirstFileExW |
filepath_r => C:\Python34\Scripts\*.* filepath => C:\Python34\Scripts\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | NtQueryDirectoryFile |
file_handle => 0x00000094 information_class => 3 dirpath => C:\Python34\Scripts |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | NtQueryDirectoryFile |
file_handle => 0x00000094 information_class => 3 dirpath => C:\Python34\Scripts |
FAILURE | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\Scripts\easy_install-3.4.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\Scripts\easy_install.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\Scripts\pip.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\Scripts\pip3.4.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.641684 | WriteConsoleA |
buffer => C:\Python34\Scripts\pip3.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | FindFirstFileExW |
filepath_r => C:\Python34\tcl\*.* filepath => C:\Python34\tcl\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | NtQueryDirectoryFile |
file_handle => 0x00000098 information_class => 3 dirpath => C:\Python34\tcl |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | NtQueryDirectoryFile |
file_handle => 0x00000098 information_class => 3 dirpath => C:\Python34\tcl |
FAILURE | |||
| 2017-05-22 13:07:52.651684 | WriteConsoleA |
buffer => C:\Python34\tcl\itclstub40.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | WriteConsoleA |
buffer => C:\Python34\tcl\tcl86t.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | WriteConsoleA |
buffer => C:\Python34\tcl\tclConfig.sh
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | WriteConsoleA |
buffer => C:\Python34\tcl\tclooConfig.sh
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | WriteConsoleA |
buffer => C:\Python34\tcl\tclstub86.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | WriteConsoleA |
buffer => C:\Python34\tcl\tk86t.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | WriteConsoleA |
buffer => C:\Python34\tcl\tkstub86.lib
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | FindFirstFileExW |
filepath_r => C:\Python34\Tools\*.* filepath => C:\Python34\Tools\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | NtQueryDirectoryFile |
file_handle => 0x0000009c information_class => 3 dirpath => C:\Python34\Tools |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | NtQueryDirectoryFile |
file_handle => 0x0000009c information_class => 3 dirpath => C:\Python34\Tools |
FAILURE | |||
| 2017-05-22 13:07:52.651684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\addins\*.* filepath => C:\WINDOWS\addins\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | NtQueryDirectoryFile |
file_handle => 0x000000a0 information_class => 3 dirpath => C:\WINDOWS\addins |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | NtQueryDirectoryFile |
file_handle => 0x000000a0 information_class => 3 dirpath => C:\WINDOWS\addins |
FAILURE | |||
| 2017-05-22 13:07:52.651684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\AppPatch\*.* filepath => C:\WINDOWS\AppPatch\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.651684 | NtQueryDirectoryFile |
file_handle => 0x000000a4 information_class => 3 dirpath => C:\WINDOWS\AppPatch |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | NtQueryDirectoryFile |
file_handle => 0x000000a4 information_class => 3 dirpath => C:\WINDOWS\AppPatch |
FAILURE | |||
| 2017-05-22 13:07:52.661684 | WriteConsoleA |
buffer => C:\WINDOWS\AppPatch\AcAdProc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | WriteConsoleA |
buffer => C:\WINDOWS\AppPatch\AcGenral.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | WriteConsoleA |
buffer => C:\WINDOWS\AppPatch\AcLayers.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | WriteConsoleA |
buffer => C:\WINDOWS\AppPatch\AcLua.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | WriteConsoleA |
buffer => C:\WINDOWS\AppPatch\AcSpecfc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | WriteConsoleA |
buffer => C:\WINDOWS\AppPatch\AcXtrnal.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | WriteConsoleA |
buffer => C:\WINDOWS\AppPatch\apphelp.sdb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | WriteConsoleA |
buffer => C:\WINDOWS\AppPatch\apph_sp.sdb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | WriteConsoleA |
buffer => C:\WINDOWS\AppPatch\drvmain.sdb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | WriteConsoleA |
buffer => C:\WINDOWS\AppPatch\msimain.sdb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | WriteConsoleA |
buffer => C:\WINDOWS\AppPatch\sysmain.sdb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Config\*.* filepath => C:\WINDOWS\Config\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | NtQueryDirectoryFile |
file_handle => 0x000000a8 information_class => 3 dirpath => C:\WINDOWS\Config |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | NtQueryDirectoryFile |
file_handle => 0x000000a8 information_class => 3 dirpath => C:\WINDOWS\Config |
FAILURE | |||
| 2017-05-22 13:07:52.661684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Connection Wizard\*.* filepath => C:\WINDOWS\Connection Wizard\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | NtQueryDirectoryFile |
file_handle => 0x000000ac information_class => 3 dirpath => C:\WINDOWS\Connection Wizard |
SUCCESS | |||
| 2017-05-22 13:07:52.661684 | NtQueryDirectoryFile |
file_handle => 0x000000ac information_class => 3 dirpath => C:\WINDOWS\Connection Wizard |
FAILURE | |||
| 2017-05-22 13:07:52.671684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Cursors\*.* filepath => C:\WINDOWS\Cursors\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.681684 | NtQueryDirectoryFile |
file_handle => 0x000000b0 information_class => 3 dirpath => C:\WINDOWS\Cursors |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtQueryDirectoryFile |
file_handle => 0x000000b0 information_class => 3 dirpath => C:\WINDOWS\Cursors |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00260000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b4a000 size => 32768 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00262000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0020a000 size => 36864 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0023a000 size => 24576 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00245000 size => 24576 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b32000 size => 24576 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00210000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d5000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00219000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d7000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b12000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00219000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00252000 size => 12288 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0021b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00245000 |
SUCCESS | |||
| 2017-05-22 13:07:52.701684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00247000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtQueryDirectoryFile |
file_handle => 0x000000b0 information_class => 3 dirpath => C:\WINDOWS\Cursors |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00249000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00252000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00264000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00266000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00268000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0026a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0026c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00273000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00275000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00277000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00279000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0027b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0027d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b12000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b14000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtQueryDirectoryFile |
file_handle => 0x000000b0 information_class => 3 dirpath => C:\WINDOWS\Cursors |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b19000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b1b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b1d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b1f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b21000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b23000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b25000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b27000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b32000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b34000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b36000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b50000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtQueryDirectoryFile |
file_handle => 0x000000b0 information_class => 3 dirpath => C:\WINDOWS\Cursors |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b59000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b5b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b5d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b5f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b61000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b63000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b65000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b67000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b69000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b6b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b6d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b6f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b71000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b73000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b78000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b7a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b7c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtQueryDirectoryFile |
file_handle => 0x000000b0 information_class => 3 dirpath => C:\WINDOWS\Cursors |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b8a000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b7e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b80000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b82000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b84000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b86000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b8a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | NtQueryDirectoryFile |
file_handle => 0x000000b0 information_class => 3 dirpath => C:\WINDOWS\Cursors |
FAILURE | |||
| 2017-05-22 13:07:52.711684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dgarro.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dgmove.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dgnesw.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dgno.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dgns.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.711684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dgnwse.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dgwe.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dsmove.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dsns.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dsnwse.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dwarro.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dwmove.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dwnesw.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dwno.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dwns.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dwnwse.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\3dwwe.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\appstar2.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\appstar3.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\appstart.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\arrow_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\arrow_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\arrow_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\arrow_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\arrow_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\arrow_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\arrow_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\arrow_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\banana.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\barber.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\beam_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\beam_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\beam_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\beam_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\beam_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\beam_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\beam_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\beam_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\busy_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\busy_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\busy_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\busy_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\busy_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\busy_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\busy_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\busy_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.721684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\coin.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\counter.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\cross.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\cross_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\cross_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\cross_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\cross_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\cross_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\cross_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\cross_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\cross_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\dinosau2.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\dinosaur.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\drum.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\fillitup.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hand.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\handapst.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\handnesw.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\handno.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\handns.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\handnwse.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\handwait.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\handwe.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\harrow.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hcross.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\help_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\help_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\help_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\help_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\help_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\help_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\help_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\help_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hibeam.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hmove.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hnesw.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hnodrop.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hns.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hnwse.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\horse.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hourgla2.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hourgla3.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hourglas.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.731684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\hwe.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\lappstrt.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\larrow.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\lcross.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\libeam.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\lmove.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\lnesw.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\lnodrop.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\lns.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\lnwse.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\lwait.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\lwe.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\metronom.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\move_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\move_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\move_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\move_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\move_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\move_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\move_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\move_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\no_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\no_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\no_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\no_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\no_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\no_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\no_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\no_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\pen_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\pen_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\pen_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\pen_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\pen_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\pen_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\pen_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\pen_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\piano.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\rainbow.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\raindrop.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size1_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size1_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size1_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size1_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size1_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.741684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size1_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size1_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size1_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size2_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size2_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size2_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size2_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size2_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size2_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size2_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size2_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size3_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size3_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size3_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size3_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size3_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size3_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size3_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size3_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size4_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size4_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size4_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size4_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size4_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size4_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size4_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\size4_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\sizenesw.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\sizens.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\sizenwse.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\sizewe.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\stopwtch.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\up_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\up_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\up_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\up_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\up_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\up_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\up_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\up_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\vanisher.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\wagtail.ani
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\wait_i.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\wait_il.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\wait_im.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\wait_l.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\wait_m.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\wait_r.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\wait_rl.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | WriteConsoleA |
buffer => C:\WINDOWS\Cursors\wait_rm.cur
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.751684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Debug\*.* filepath => C:\WINDOWS\Debug\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.761684 | NtQueryDirectoryFile |
file_handle => 0x000000b4 information_class => 3 dirpath => C:\WINDOWS\Debug |
SUCCESS | |||
| 2017-05-22 13:07:52.761684 | NtQueryDirectoryFile |
file_handle => 0x000000b4 information_class => 3 dirpath => C:\WINDOWS\Debug |
FAILURE | |||
| 2017-05-22 13:07:52.761684 | WriteConsoleA |
buffer => C:\WINDOWS\Debug\blastcln.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.761684 | WriteConsoleA |
buffer => C:\WINDOWS\Debug\NetSetup.LOG
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.761684 | WriteConsoleA |
buffer => C:\WINDOWS\Debug\PASSWD.LOG
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.761684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Driver Cache\*.* filepath => C:\WINDOWS\Driver Cache\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.761684 | NtQueryDirectoryFile |
file_handle => 0x000000b8 information_class => 3 dirpath => C:\WINDOWS\Driver Cache |
SUCCESS | |||
| 2017-05-22 13:07:52.761684 | NtQueryDirectoryFile |
file_handle => 0x000000b8 information_class => 3 dirpath => C:\WINDOWS\Driver Cache |
FAILURE | |||
| 2017-05-22 13:07:52.761684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\ehome\*.* filepath => C:\WINDOWS\ehome\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.761684 | NtQueryDirectoryFile |
file_handle => 0x000000bc information_class => 3 dirpath => C:\WINDOWS\ehome |
SUCCESS | |||
| 2017-05-22 13:07:52.761684 | NtQueryDirectoryFile |
file_handle => 0x000000bc information_class => 3 dirpath => C:\WINDOWS\ehome |
FAILURE | |||
| 2017-05-22 13:07:52.761684 | WriteConsoleA |
buffer => C:\WINDOWS\ehome\custsat.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.771684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Help\*.* filepath => C:\WINDOWS\Help\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.771684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.781684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.791684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.811684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.822684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b8a000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b82000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b84000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b86000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b8a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b8c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b8e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b90000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b92000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b94000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b96000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b98000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b9a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b9c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba3000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.832684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba7000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ba8000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba8000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00baa000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bac000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bae000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb0000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb2000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb4000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb6000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb8000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bba000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bbc000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bbe000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bc0000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bc2000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bc4000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bc6000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bc8000 |
SUCCESS | |||
| 2017-05-22 13:07:52.842684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bca000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00bcb000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bcb000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bcd000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bcf000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bd1000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bd3000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bd5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bd7000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bd9000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bdb000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bdd000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bdf000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00be1000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00be3000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00be5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00be7000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00be9000 |
SUCCESS | |||
| 2017-05-22 13:07:52.852684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00beb000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00bed000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bed000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bef000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bf1000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bf3000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bf5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bf7000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bf9000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bfb000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bfd000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bff000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c01000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c03000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c05000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c07000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c09000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c0b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c0d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c11000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c11000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c13000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c15000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c17000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c19000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c1b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c1d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.862684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c1f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.872684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c21000 |
SUCCESS | |||
| 2017-05-22 13:07:52.872684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c23000 |
SUCCESS | |||
| 2017-05-22 13:07:52.872684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c25000 |
SUCCESS | |||
| 2017-05-22 13:07:52.872684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c27000 |
SUCCESS | |||
| 2017-05-22 13:07:52.872684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c29000 |
SUCCESS | |||
| 2017-05-22 13:07:52.872684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c2b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.872684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c2d000 |
SUCCESS | |||
| 2017-05-22 13:07:52.872684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c2f000 |
SUCCESS | |||
| 2017-05-22 13:07:52.872684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c31000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c32000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c32000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c34000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c36000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c38000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c3a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c3c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c3e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c40000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c42000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c44000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c46000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c48000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c4a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c4c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c4e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c50000 |
SUCCESS | |||
| 2017-05-22 13:07:52.882684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c52000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c54000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c54000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c56000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c58000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c5a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c5c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c5e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c60000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c62000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c64000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c66000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c68000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c6a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c6c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c6e000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c70000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c72000 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | NtQueryDirectoryFile |
file_handle => 0x000000c0 information_class => 3 dirpath => C:\WINDOWS\Help |
FAILURE | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\access.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\access.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\accessib.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\acc_dis.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\aclui.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\aclui.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\addremov.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ade.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\admtools.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\adprop.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0404.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0405.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0406.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0407.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0408.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0409.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt040b.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt040c.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt040e.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.892684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0410.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0411.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0412.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0413.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0414.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0415.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0416.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0419.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt041d.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt041f.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0804.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0816.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\agt0c0a.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\apps.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\apps_sp.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\article.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\atm.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\audiocdc.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\audit.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\bckg.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\blurbs.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\blutooth.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.902684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\bnts.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\bootcons.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\brief.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\calc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\calc.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\camera.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\camera.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\cdmedia.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\cdmedia.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\certmgr.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\certmgr.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\charmap.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\charmap.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\chkr.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\chnscsvr.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\chooser.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ciadmin.htm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ciquery.htm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\clipbrd.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\clipbrd.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\cmconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\colormgt.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\comexp.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\comexp.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\common.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\compfldr.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\compmgmt.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\compstui.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\conf.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\conf.cnt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\conf.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\conf1.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\connect.cnt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\connect.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.912684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\cpanel.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\cpanel.chq
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\cscui.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\cyycoins.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\cyzcoins.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\datetime.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ddeshare.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ddeshare.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\defrag.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\defrag.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\devmgr.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\devmgr.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\dfs.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\diagboot.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\dialer.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\dialer.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\digiras.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\dijoy.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\diskmgmt.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\diskmgmt.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\display.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\display.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\dkconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\drvvfp.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\drwtsn32.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\drwtsn32.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\dsclient.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\dskquoui.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\dskquoui.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\dxdiag.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\els.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\els.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\encrypt.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\eudcedit.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\eudcedit.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\evconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\evntwin.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\fde.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.922684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\filefold.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\filefold.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\filemgmt.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\file_srv.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\find.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\folderop.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\fonts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\fonts.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\freecell.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\freecell.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\fxsclnt.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\fxsclnt.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\fxscover.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\fxsshare.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\gen.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\Glossary.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\gpedit.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\gpedit.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\gptext.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\halftone.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\hardware.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\hardware.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\howto.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\hrtz.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\hs.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\hschelp.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\hypertrm.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\hypertrm.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\icwdial.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ident.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ieakmmc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ieeula.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ieos.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ieshared.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\iesupp.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\iewebhlp.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\iexplore.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\iexplore.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\iis.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\iismmc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.932684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\Imegen.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\imgprev.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\inetres.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\infrared.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\infrared.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\input.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\input.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\intellimirror.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ipsecconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ipsecsnp.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ipsecsnp.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\Ipv6.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\is.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\isconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ixhelp.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ixqlang.htm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\joy.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\key.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\keyb.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\keyshort.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\lang.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\langbar.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\license.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\localsec.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\localsec.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\lpe.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\lpeconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\magnify.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\magnify.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mail.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mfcuix.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\migwiz.htm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\migwiz2.htm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\misc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mls_trb.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mmc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mmc_dlg.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mobsync.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mobsync.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mode.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\modem.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mouse.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mouse.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mpconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mplayer2.cnt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mplayer2.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mpnetwrk.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.942684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mqsnap.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\msconfig.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\msdasc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mshearts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mshearts.cnt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mshearts.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\msinfo32.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\msmq.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\msmqconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\msnauth.cnt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\msnauth.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\msoe.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\msoe.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\msoeacct.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\msorcl32.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mspaint.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mspaint.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mstask.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mstask.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\mstsc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\netcfg.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\netcfg.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\network.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\newfeat1.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\newfeat1.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\newfeat2.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\newfeat2.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\newfeat3.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\newfeat3.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\newfeat4.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\newfeat4.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\newfeat5.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\newfeat5.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\nmchat.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\nmwhiteb.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\nocontnt.cnt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\nofts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\notepad.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\notepad.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ntart.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ntbackup.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ntbackup.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ntchowto.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ntcmds.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ntdef.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\nthelp.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ntshared.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ntshrui.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\nusrmgr.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\nwdoc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\nwdoc.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\objsel.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\odbcinst.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\odbcjet.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\oe_msgr.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\offlinefolders.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\omc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\osk.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\osk.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\packager.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\password.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\phowto.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\pinball.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\pinball.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\PINTLPAD.CHM
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\PINTLPAE.CHM
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\plyr_err.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\printfnd.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\printing.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\progman.cnt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\progman.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\pwrmn.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\pwrmn.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\qosconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ratings.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ratings.cnt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\ratings.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\rdesktop.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\reader.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\reader.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\recycle.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\regedit.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\regedit.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\regopt.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\remasst.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\reskit.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\rktools.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\rrc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\rsm.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.952684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\rsm.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\rsmconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\rsop.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\rsopsnp.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\rvse.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\safer.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\saferconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sapicpl.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\scarddlg.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sce.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sceconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\scm.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\scmconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\secauth.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\secedit.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\secsetconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\secsettings.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sendcmsg.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sendcmsg.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sfmmgr.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\shell.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\shvl.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\signin.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sigverif.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\smlogcfg.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sndvol32.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sndvol32.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sniffpol.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\snmpconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\snmpsnap.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sol.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sol.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\soundrec.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\soundrec.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sounds.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\spad.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\spconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\speech.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\spider.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\spider.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\splash.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\spolsconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sr_ui.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sstub.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\supp_ed.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\suptools.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sysdm.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sysdm.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sysmon.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sysmon.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sysprop.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sysrestore.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sysrestore.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\system.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\sys_srv.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\tapi.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\tapi.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\taskbar.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\taskmgr.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\taskmgr.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\tcpip.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\tcpmon.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\telnet.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\telnet.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\timesrv.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\tshoot.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\tshoot.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\twclient.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\twclient.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\update.cnt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\update1.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\usercpl.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\users.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\utilmgr.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\utilmgr.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\verifier.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wab.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wab.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wbemtest.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\webpub.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\whatsnew.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.962684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\winchat.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\winchat.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\windows.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\windows.chq
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\windows.cnt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\windows.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\WINGB.CHM
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\winhlp32.cnt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\winhlp32.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\WINIME.CHM
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wininstl.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\winmine.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\winmine.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\WINPY.CHM
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\WINSP.CHM
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\WINZM.CHM
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\win_dos.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wmic.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wmifltr.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wmplay.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wmplayer.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wordpad.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wordpad.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wpa.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wschelp.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wscript.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wscript.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wsecedit.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wshconcepts.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wuau.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\Help\wuauhelp.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\ime\*.* filepath => C:\WINDOWS\ime\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | NtQueryDirectoryFile |
file_handle => 0x000000c4 information_class => 3 dirpath => C:\WINDOWS\ime |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | NtQueryDirectoryFile |
file_handle => 0x000000c4 information_class => 3 dirpath => C:\WINDOWS\ime |
FAILURE | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\ime\mscandui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\ime\SOFTKBD.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\ime\SPGRMR.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | WriteConsoleA |
buffer => C:\WINDOWS\ime\SPTIP.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\java\*.* filepath => C:\WINDOWS\java\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | NtQueryDirectoryFile |
file_handle => 0x000000c8 information_class => 3 dirpath => C:\WINDOWS\java |
SUCCESS | |||
| 2017-05-22 13:07:52.972684 | NtQueryDirectoryFile |
file_handle => 0x000000c8 information_class => 3 dirpath => C:\WINDOWS\java |
FAILURE | |||
| 2017-05-22 13:07:52.982684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\L2Schemas\*.* filepath => C:\WINDOWS\L2Schemas\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.982684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ba3000 size => 446464 |
SUCCESS | |||
| 2017-05-22 13:07:52.982684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba3000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtQueryDirectoryFile |
file_handle => 0x000000cc information_class => 3 dirpath => C:\WINDOWS\L2Schemas |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c43000 size => 270336 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba5000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtQueryDirectoryFile |
file_handle => 0x000000cc information_class => 3 dirpath => C:\WINDOWS\L2Schemas |
FAILURE | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\baseeapconnectionpropertiesv1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\BaseEapMethodConfig.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\BaseEapMethodUserCredentials.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\baseeapuserpropertiesv1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\EapCommon.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\eapconnectionpropertiesv1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\EapHostConfig.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\EapHostUserCredentials.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\EapTlsConnectionPropertiesV1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\EapTlsUserPropertiesV1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\eapuserpropertiesv1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\lan_policy_v1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\lan_profile_v1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\mschapv2connectionpropertiesv1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\mschapv2userpropertiesv1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\mspeapconnectionpropertiesv1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\mspeapuserpropertiesv1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\OneX_v1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\L2Schemas\WLAN_profile_v1.xsd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Media\*.* filepath => C:\WINDOWS\Media\*.* |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtQueryDirectoryFile |
file_handle => 0x000000d0 information_class => 3 dirpath => C:\WINDOWS\Media |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c11000 size => 196608 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba7000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 118784 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b59000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b8a000 size => 86016 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b5b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b19000 size => 65536 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b19000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b78000 size => 65536 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b1b000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00260000 size => 57344 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00260000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00273000 size => 53248 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00262000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtQueryDirectoryFile |
file_handle => 0x000000d0 information_class => 3 dirpath => C:\WINDOWS\Media |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b5d000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00264000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b4a000 size => 32768 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00266000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0020a000 size => 36864 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020a000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0023a000 size => 24576 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020c000 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | NtQueryDirectoryFile |
file_handle => 0x000000d0 information_class => 3 dirpath => C:\WINDOWS\Media |
FAILURE | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\chimes.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:52.992684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\chord.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\ding.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\flourish.mid
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\notify.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\onestop.mid
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\recycle.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\ringin.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\ringout.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\start.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\tada.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\town.mid
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windo.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windows.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\W.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windo.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windows.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windows.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windows.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Med.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windo.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Win.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.002684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windo.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windows.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windo.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Win.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\M.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\W.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\W.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windo.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Win.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Win.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Win.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Win.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windows.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windows.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.012684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windows.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\Media\Windo.wav
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\msagent\*.* filepath => C:\WINDOWS\msagent\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 86016 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000d4 information_class => 3 dirpath => C:\WINDOWS\msagent |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000d4 information_class => 3 dirpath => C:\WINDOWS\msagent |
FAILURE | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\msagent\agentanm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\msagent\agentctl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\msagent\agentdp2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\msagent\agentdpv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\msagent\agentmpx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\msagent\agentpsh.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\msagent\agentsr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\msagent\agentsvr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\msagent\agtctl15.tlb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\msagent\agtintl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\msagent\mslwvtts.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\msapps\*.* filepath => C:\WINDOWS\msapps\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000d8 information_class => 3 dirpath => C:\WINDOWS\msapps |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000d8 information_class => 3 dirpath => C:\WINDOWS\msapps |
FAILURE | |||
| 2017-05-22 13:07:53.022684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\mui\*.* filepath => C:\WINDOWS\mui\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00210000 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000dc information_class => 3 dirpath => C:\WINDOWS\mui |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000dc information_class => 3 dirpath => C:\WINDOWS\mui |
FAILURE | |||
| 2017-05-22 13:07:53.022684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Network Diagnostic\*.* filepath => C:\WINDOWS\Network Diagnostic\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000e0 information_class => 3 dirpath => C:\WINDOWS\Network Diagnostic |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000e0 information_class => 3 dirpath => C:\WINDOWS\Network Diagnostic |
FAILURE | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\Network Diagnostic\custsat.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\Network Diagnostic\xpnetdiag.xsl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\pchealth\*.* filepath => C:\WINDOWS\pchealth\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000e4 information_class => 3 dirpath => C:\WINDOWS\pchealth |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000e4 information_class => 3 dirpath => C:\WINDOWS\pchealth |
FAILURE | |||
| 2017-05-22 13:07:53.022684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\PeerNet\*.* filepath => C:\WINDOWS\PeerNet\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000e8 information_class => 3 dirpath => C:\WINDOWS\PeerNet |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000e8 information_class => 3 dirpath => C:\WINDOWS\PeerNet |
FAILURE | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\PeerNet\sqldb20.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\PeerNet\sqlqp20.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\PeerNet\sqlse20.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Provisioning\*.* filepath => C:\WINDOWS\Provisioning\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000ec information_class => 3 dirpath => C:\WINDOWS\Provisioning |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000ec information_class => 3 dirpath => C:\WINDOWS\Provisioning |
FAILURE | |||
| 2017-05-22 13:07:53.022684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Registration\*.* filepath => C:\WINDOWS\Registration\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000f0 information_class => 3 dirpath => C:\WINDOWS\Registration |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | NtQueryDirectoryFile |
file_handle => 0x000000f0 information_class => 3 dirpath => C:\WINDOWS\Registration |
FAILURE | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\Registration\R000000000006.clb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\Registration\R000000000007.clb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.022684 | WriteConsoleA |
buffer => C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{1219AA0B-B050-4AC8-9FEE-EADBE0733D93}.crmlog
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\repair\*.* filepath => C:\WINDOWS\repair\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtQueryDirectoryFile |
file_handle => 0x000000f4 information_class => 3 dirpath => C:\WINDOWS\repair |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00260000 size => 32768 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00245000 size => 24576 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00245000 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtQueryDirectoryFile |
file_handle => 0x000000f4 information_class => 3 dirpath => C:\WINDOWS\repair |
FAILURE | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\repair\autoexec.nt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\repair\config.nt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\repair\default
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\repair\ntuser.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\repair\sam
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\repair\secsetup.inf
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\repair\security
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\repair\setup.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\repair\software
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\repair\system
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Resources\*.* filepath => C:\WINDOWS\Resources\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtQueryDirectoryFile |
file_handle => 0x000000f8 information_class => 3 dirpath => C:\WINDOWS\Resources |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtQueryDirectoryFile |
file_handle => 0x000000f8 information_class => 3 dirpath => C:\WINDOWS\Resources |
FAILURE | |||
| 2017-05-22 13:07:53.032684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\security\*.* filepath => C:\WINDOWS\security\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00247000 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtQueryDirectoryFile |
file_handle => 0x000000fc information_class => 3 dirpath => C:\WINDOWS\security |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00249000 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b32000 size => 24576 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00260000 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0020c000 size => 28672 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtQueryDirectoryFile |
file_handle => 0x000000fc information_class => 3 dirpath => C:\WINDOWS\security |
FAILURE | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\security\edb.chk
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\security\edb.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\security\edb00002.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\security\edbtmp.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\security\res1.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\security\res2.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\security\tmp.edb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\SoftwareDistribution\*.* filepath => C:\WINDOWS\SoftwareDistribution\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtQueryDirectoryFile |
file_handle => 0x00000100 information_class => 3 dirpath => C:\WINDOWS\SoftwareDistribution |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtQueryDirectoryFile |
file_handle => 0x00000100 information_class => 3 dirpath => C:\WINDOWS\SoftwareDistribution |
FAILURE | |||
| 2017-05-22 13:07:53.032684 | WriteConsoleA |
buffer => C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\srchasst\*.* filepath => C:\WINDOWS\srchasst\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtQueryDirectoryFile |
file_handle => 0x00000104 information_class => 3 dirpath => C:\WINDOWS\srchasst |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0020e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d5000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.032684 | NtQueryDirectoryFile |
file_handle => 0x00000104 information_class => 3 dirpath => C:\WINDOWS\srchasst |
FAILURE | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\srchasst\msgr3en.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\srchasst\nls302en.lex
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\srchasst\srchctls.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\srchasst\srchui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\system\*.* filepath => C:\WINDOWS\system\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtQueryDirectoryFile |
file_handle => 0x00000108 information_class => 3 dirpath => C:\WINDOWS\system |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00219000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00210000 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b12000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00219000 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0023c000 size => 16384 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0021b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b19000 size => 16384 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ba5000 size => 16384 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00252000 size => 12288 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00252000 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00262000 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | NtQueryDirectoryFile |
file_handle => 0x00000108 information_class => 3 dirpath => C:\WINDOWS\system |
FAILURE | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\AVICAP.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\AVIFILE.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\COMMDLG.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\KEYBOARD.DRV
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\LZEXPAND.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\MCIAVI.DRV
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\MCISEQ.DRV
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\MCIWAVE.DRV
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\MMSYSTEM.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\MMTASK.TSK
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\MOUSE.DRV
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\MSVIDEO.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\OLECLI.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\OLESVR.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\setup.inf
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\SHELL.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\SOUND.DRV
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\stdole.tlb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\SYSTEM.DRV
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\TAPI.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\TIMER.DRV
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\VER.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\VGA.DRV
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\WFWNET.DRV
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.042684 | WriteConsoleA |
buffer => C:\WINDOWS\system\WINSPOOL.DRV
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\system32\*.* filepath => C:\WINDOWS\system32\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00264000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d5000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00219000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x001d7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0023c000 size => 16384 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00219000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00252000 size => 12288 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0021b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00252000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00266000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00268000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0026a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0026c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00273000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00275000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00277000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00279000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0027b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0027d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b12000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b14000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b19000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b1b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b1d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b1f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b21000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b23000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b25000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b27000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b32000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b34000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b36000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b4e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b50000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b59000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b5b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b5d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b5f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b61000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b63000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b65000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b67000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b8a000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b69000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b6b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b6d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b6f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b71000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b73000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b78000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b7a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b7c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b7e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b80000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b82000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b84000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b86000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b8a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b8c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b8e000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b8e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b90000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b92000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b94000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b96000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b98000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b9a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00b9c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ba9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bab000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bad000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00baf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00bb5000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bb9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bbb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bbd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bbf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.052684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bc1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bc3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bc5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bc7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bc9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bcb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bcd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bcf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bd1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bd3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bd5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bd7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00bd8000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bd8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bda000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bdc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bde000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00be0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00be2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00be4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00be6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00be8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bea000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bec000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bee000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bf0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bf2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bf4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bf6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bf8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00bfa000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bfa000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bfc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00bfe000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c00000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c02000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c04000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c06000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c08000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c0a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c0c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c0e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c11000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c13000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c15000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c17000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c19000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c1b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c1d000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c1d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c1f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c21000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c23000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c25000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c27000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c29000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c2b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c2d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c2f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c31000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c33000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c35000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c37000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c39000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c3b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c3d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c3f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c43000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c43000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c45000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c47000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c49000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c4b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c4d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c4f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c51000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c53000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c55000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c57000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c59000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c5b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c5d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c5f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c61000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c63000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c63000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c65000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c67000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c69000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c6b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c6d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c6f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c71000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c73000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c75000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c77000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c79000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c7b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c7d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c7f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c81000 |
SUCCESS | |||
| 2017-05-22 13:07:53.062684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c83000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c85000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c86000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c86000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c88000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c8a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c8c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c8e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c90000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c92000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c94000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c96000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c98000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c9a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c9c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00c9e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ca0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ca2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ca4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ca6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ca8000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ca8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00caa000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cac000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cae000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cb0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cb2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cb4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cb6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cb8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cba000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cbc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cbe000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cc0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cc2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cc4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cc6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cc8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cca000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ccb000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ccb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ccd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ccf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cd1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cd3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cd5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cd7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cd9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cdb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cdd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cdf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ce1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ce3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ce5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ce7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ce9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ceb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ced000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ced000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cef000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cf1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cf3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cf5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cf7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cf9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cfb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cfd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00cff000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d01000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d03000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d05000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d07000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d09000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d0b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d0d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00d0f000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d0f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d11000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d13000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d15000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d17000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d19000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d1b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d1d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d1f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d21000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d23000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d25000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d27000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d29000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d2b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d2d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d2f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d31000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00d32000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d32000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d34000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d36000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d38000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d3a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d3c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d3e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d40000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d42000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d44000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d46000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d48000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d4a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d4c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d4e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d50000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d52000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00d54000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d54000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d56000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d58000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d5a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d5c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d5e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d60000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d62000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d64000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d66000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d68000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d6a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d6c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d6e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d70000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d72000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d74000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d76000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00d77000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d77000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d79000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d7b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d7d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d7f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d81000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d83000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d85000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d87000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d89000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d8b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d8d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d8f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d91000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d93000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d95000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d97000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00d99000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d99000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d9b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d9d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00d9f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00da1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00da3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00da5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00da7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00da9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dab000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dad000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00daf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00db1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00db3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00db5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00db7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00db9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00dbb000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dbb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dbd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dbf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dc1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dc3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dc5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dc7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dc9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dcb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dcd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dcf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dd1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dd3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dd5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dd7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dd9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ddb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ddd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00dde000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dde000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00de0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00de2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00de4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00de6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00de8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dea000 |
SUCCESS | |||
| 2017-05-22 13:07:53.072684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dec000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dee000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00df0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00df2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00df4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00df6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00df8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dfa000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dfc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00dfe000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e00000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00e11000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e02000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e04000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e06000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e08000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e0a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e0c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e0e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e11000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e13000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e15000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e17000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e19000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e1b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e1d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e1f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e21000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e23000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00e24000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e24000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e26000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e28000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e2a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e2c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e2e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e30000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e32000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e34000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e36000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e38000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e3a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e3c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e3e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e40000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e42000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e44000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e46000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00e47000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e47000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e49000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e4b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e4d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e4f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e51000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e53000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e55000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e57000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e59000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e5b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e5d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e5f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e61000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e63000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e65000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e67000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e69000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00e6a000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e6a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e6c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e6e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e70000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e72000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e74000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e76000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e78000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e7a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e7c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e7e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e80000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e82000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e84000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e86000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e88000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e8a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00e8c000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e8c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e8e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e90000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e92000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e94000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e96000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e98000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e9a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e9c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00e9e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ea0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ea2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ea4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ea6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ea8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eaa000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eac000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00eae000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eae000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eb0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eb2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eb4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eb6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eb8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eba000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ebc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ebe000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ec0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ec2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ec4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ec6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ec8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eca000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ecc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ece000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ed0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ed1000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ed1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ed3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ed5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ed7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ed9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00edb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00edd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00edf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ee1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ee3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ee5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ee7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ee9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eeb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eed000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eef000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ef1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ef3000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ef3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ef5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ef7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ef9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00efb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00efd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00eff000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f01000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f03000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f05000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f07000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f09000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f0b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f0d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f0f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f11000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f13000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f15000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00f16000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f16000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f18000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f1a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f1c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f1e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f20000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f22000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f24000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f26000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f28000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f2a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f2c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f2e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f30000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f32000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f34000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f36000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00f38000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f38000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f3a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f3c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f3e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f40000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f42000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f44000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f46000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f48000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f4a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f4c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f4e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f50000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f52000 |
SUCCESS | |||
| 2017-05-22 13:07:53.082684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f54000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f56000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f58000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00f5a000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f5a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f5c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f5e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f60000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f62000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f64000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f66000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f68000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f6a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f6c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f6e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f70000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f72000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f74000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f76000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f78000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f7a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f7c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00f7d000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f7d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f7f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f81000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f83000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f85000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f87000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f89000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f8b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f8d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f8f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f91000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f93000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f95000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f97000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f99000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f9b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f9d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00f9f000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00f9f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fa1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fa3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fa5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fa7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fa9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fab000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fad000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00faf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fb1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fb3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fb5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fb7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fb9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fbb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fbd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fbf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fc1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00fc3000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fc3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fc5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fc7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fc9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fcb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fcd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fcf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fd1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fd3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fd5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fd7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fd9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fdb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fdd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fdf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fe1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fe3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00fe5000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fe5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fe7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fe9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00feb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fed000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fef000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ff1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ff3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ff5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ff7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ff9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ffb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00ffd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00fff000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01001000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01003000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01005000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01007000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01007000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01009000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0100b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0100d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0100f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01011000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01013000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01015000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01017000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01019000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0101b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0101d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0101f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01021000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01023000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01025000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01027000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01029000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0102a000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0102a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0102c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0102e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01030000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01032000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01034000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01036000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01038000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0103a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0103c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0103e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01040000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01042000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01044000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01046000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01048000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0104a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0104c000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0104c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0104e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01050000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01052000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01054000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01056000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01058000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0105a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0105c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0105e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01060000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01062000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01064000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01066000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01068000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0106a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0106c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0106e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0106f000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0106f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01071000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01073000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01075000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01077000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01079000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0107b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0107d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0107f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01081000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01083000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01085000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01087000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01089000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0108b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0108d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0108f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01091000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01091000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01093000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01095000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01097000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01099000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0109b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0109d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0109f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010a1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010a3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010a5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010a7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010a9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010ab000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010ad000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010af000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010b1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x010b3000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010b3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010b5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010b7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010b9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010bb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010bd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010bf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010c1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010c3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010c5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010c7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.092684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010c9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010cb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010cd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010cf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010d1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010d3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010d5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x010d6000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010d6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010d8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010da000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010dc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010de000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010e0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010e2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010e4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010e6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010e8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010ea000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010ec000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010ee000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010f0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010f2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010f4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010f6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010f8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x010f9000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010f9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010fb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010fd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x010ff000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01101000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01103000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01105000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01107000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01109000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0110b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0110d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0110f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01111000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01113000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01115000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01117000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01119000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0111b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0111c000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0111c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0111e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01120000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01122000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01124000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01126000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01128000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0112a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0112c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0112e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01130000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01132000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01134000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01136000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01138000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0113a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0113c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0113e000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0113e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01140000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01142000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01144000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01146000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01148000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0114a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0114c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0114e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01150000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01152000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01154000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01156000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01158000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0115a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0115c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0115e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01160000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01160000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01162000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01164000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01166000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01168000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0116a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0116c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0116e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01170000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01172000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01174000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01176000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01178000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0117a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0117c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0117e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01180000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01182000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01183000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01183000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01185000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01187000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01189000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0118b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0118d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0118f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01191000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01193000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01195000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01197000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01199000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0119b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0119d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0119f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011a1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011a3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x011a5000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011a5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011a7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011a9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011ab000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011ad000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011af000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011b1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011b3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011b5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011b7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011b9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011bb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011bd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011bf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011c1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011c3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011c5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011c7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x011c8000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011c8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011ca000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011cc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011ce000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011d0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011d2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011d4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011d6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011d8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011da000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011dc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011de000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011e0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011e2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011e4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011e6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011e8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x011ea000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011ea000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011ec000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011ee000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011f0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011f2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011f4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011f6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011f8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011fa000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011fc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x011fe000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01200000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01202000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01204000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01206000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01208000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0120a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01211000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0120c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0120e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01211000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01213000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01215000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01217000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01219000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0121b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0121d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0121f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01221000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01223000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01225000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01227000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01229000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0122b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0122d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0122e000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0122e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01230000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01232000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01234000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01236000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01238000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0123a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0123c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0123e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01240000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01242000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01244000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01246000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01248000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0124a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0124c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0124e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01250000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01250000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01252000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01254000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01256000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01258000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0125a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0125c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0125e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01260000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01262000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01264000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01266000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01268000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0126a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0126c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0126e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01270000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01272000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01273000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01273000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01275000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01277000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01279000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0127b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0127d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0127f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01281000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01283000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01285000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01287000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01289000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0128b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0128d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0128f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01291000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01293000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01295000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01295000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01297000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x01299000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0129b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0129d000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0129f000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012a1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012a3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012a5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012a7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012a9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012ab000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012ad000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012af000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012b1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012b3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012b5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x012b7000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012b7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012b9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012bb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012bd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012bf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012c1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012c3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012c5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012c7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012c9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012cb000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012cd000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012cf000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012d1000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012d3000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012d5000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012d7000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012d9000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x012da000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012da000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012dc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012de000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012e0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012e2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012e4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012e6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012e8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012ea000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012ec000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012ee000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012f0000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012f2000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012f4000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012f6000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012f8000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012fa000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x012fc000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012fc000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x012fe000 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | NtQueryDirectoryFile |
file_handle => 0x0000010c information_class => 3 dirpath => C:\WINDOWS\system32 |
FAILURE | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\$winnt$.inf
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\12520437.cpx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\12520850.cpx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\6to4svc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\a15.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\a234.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\aaaamon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\aaclient.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\access.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\acctres.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\accwiz.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\acelpdec.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\acledit.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.102684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\aclui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\acode.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\activeds.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\activeds.tlb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\actmovie.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\actxprxy.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\admparse.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\adptif.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\adsldp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\adsldpc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\adsmsext.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\adsnds.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\adsnt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\adsnw.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\advapi32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\advpack.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ahui.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\alg.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\alrsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\amcompat.tlb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\amstream.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ansi.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\apcups.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\append.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\apphelp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\appmgmts.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\appmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\appwiz.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\arp.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\arphr.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\arptr.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\array30.tab
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\arrayhw.tab
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\asctrls.ocx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\asferror.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\asr_fmt.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\asr_ldm.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\asr_pfu.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\asycfilt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\at.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\atkctrs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\atl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\atmadm.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\atmfd.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\atmlib.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\atmpvcno.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\atrace.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\attrib.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\audiosrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\auditusr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\authz.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\autochk.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\autoconv.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\autodisc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\AUTOEXEC.NT
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\autofmt.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\autolfn.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\avicap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\avicap32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\avifil32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\avifile.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.112684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\avmeter.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\avtapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\avwav.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\azroles.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\basesrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\batmeter.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\batt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bidispl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\big5.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bios1.rom
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bios4.rom
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bitsprx2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bitsprx3.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bitsprx4.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\blackbox.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\blastcln.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bootcfg.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bootok.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bootvid.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bootvrfy.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bopomofo.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bopomofo.uce
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\browselc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\browser.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\browseui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\browsewm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bthci.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bthprops.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\bthserv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\btpanui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cabinet.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cabview.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cacls.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\calc.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\camocx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\capesnpn.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cards.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\catsrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\catsrvps.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\catsrvut.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ccfgnt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cdfview.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cdm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cdmodem.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cdosys.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cdplayer.exe.manifest
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\certcli.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\certmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\certmgr.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cewmdm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.122684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cfgbkend.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cfgmgr32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\chajei.ime
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\charmap.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\chcp.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\chkdsk.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\chkntfs.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ChsBrKr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\chtbrkr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ciadmin.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ciadv.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cic.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cidaemon.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\CINTLGNT.IME
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ciodm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cipher.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cisvc.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ckcnv.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\clb.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\clbcatex.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\clbcatq.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cleanmgr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cliconf.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cliconfg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cliconfg.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cliconfg.rll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\clipbrd.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\clipsrv.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\clusapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmcfg32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmd.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmdial32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmdl32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmdlib.wsc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmmgr32.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmmon32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmos.ram
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmpbk32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmprops.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmsetACL.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmstp.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cmutil.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cnbjmon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cnetcfg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cnvfat.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\colbact.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\comaddin.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\comcat.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\comctl32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\comdlg32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\comm.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\command.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\commdlg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\comp.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\compact.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\compatUI.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\compmgmt.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\compobj.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\compstui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\comrepl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\comres.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\comsnap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\comsvcs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\comuid.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\CONFIG.NT
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\CONFIG.TMP
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\confmsp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\conime.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\console.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\control.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\convert.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\corpol.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\country.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\credssp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\credui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\crtdll.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\crypt32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cryptdlg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cryptdll.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cryptext.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cryptnet.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cryptsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cryptui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cscdll.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.132684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cscript.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\cscui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\csrsrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\csrss.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\csseqchk.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ctfmon.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ctl3d32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ctl3dv2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ctype.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_037.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10000.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10001.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10002.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10003.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10006.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10007.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10008.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10010.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10017.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10029.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10079.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10081.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_10082.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_1026.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_1250.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_1251.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_1252.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_1253.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_1254.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_1255.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_1256.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_1257.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_1258.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_1361.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_20000.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_20127.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_20261.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_20290.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_20866.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_20905.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_20932.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_20936.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_20949.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_21027.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_21866.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_28591.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_28592.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_28593.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\C_28594.NLS
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\C_28595.NLS
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\C_28597.NLS
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_28598.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_28599.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_28603.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_28605.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_437.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_500.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_737.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_775.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_850.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_852.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_855.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_857.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_860.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_861.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_863.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_865.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_866.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_869.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.142684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_874.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_875.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_932.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_936.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_949.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_950.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_g18030.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\c_is2022.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\d3d8.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\d3d8thk.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\d3d9.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\d3dim.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\d3dim700.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\d3dpmesh.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\d3dramp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\d3drm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\d3dxof.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\danim.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dataclen.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00bd7000 size => 233472 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\datime.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\davclnt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\daxctle.ocx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dayi.ime
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dayiphr.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dayiptr.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dbgeng.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dbghelp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dbmsrpcn.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dbnetlib.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dbnmpntw.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\Dcache.bin
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dciman32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dcomcnfg.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ddeml.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ddeshare.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ddraw.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ddrawex.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\debug.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\defrag.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\desk.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\deskadp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\deskmon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\deskperf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\desktop.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\devenum.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\devmgmt.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\devmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dfrg.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dfrgfat.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dfrgntfs.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dfrgres.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dfrgsnap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dfrgui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dfsshlex.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dgnet.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dgrpsetu.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dgsetup.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dhcpcsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dhcpmon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dhcpqec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dhcpsapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\diactfrm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\diantz.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\digest.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dimap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dimsntfy.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dimsroam.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dinput.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dinput8.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\diskcomp.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\diskcopy.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c11000 size => 196608 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\diskcopy.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\diskmgmt.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\diskpart.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\diskperf.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dispex.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dllcache
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dllhost.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dllhst3g.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmadmin.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmband.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmcompos.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmconfig.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmdlgs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmdskmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.152684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmdskres.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmime.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmintf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmloader.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmocx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmremote.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmscript.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmserver.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmstyle.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmsynth.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmusic.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmutil.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dmview.ocx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dnsapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dnsrslvr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\docprop.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\docprop2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\doskey.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dosx.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dot3api.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dot3cfg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dot3dlg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dot3gpclnt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dot3msm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dot3svc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dot3ui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpcdll.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dplay.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dplaysvr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dplayx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpmodemx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpnaddr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpnet.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpnhpast.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpnhupnp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpnlobby.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpnmodem.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpnsvr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpnwsock.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpserial.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpvacm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpvoice.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpvsetup.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpvvox.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpwsock.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dpwsockx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\driverquery.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\drmclien.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\drmstor.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\drmv2clt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\drprov.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\DRVSTORE
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\drwatson.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\drwtsn32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ds16gt.dLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ds32gt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dsauth.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dsdmo.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dsdmoprp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dskquota.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dskquoui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dsound.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dsound.vxd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dsound3d.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dsprop.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dsprpres.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dsquery.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dssec.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dssec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dssenh.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dsuiext.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dswave.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dumprep.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\duser.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dvdplay.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dvdupgrd.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dwwin.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dx7vb.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dx8vb.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dxdiag.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dxdiagn.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dxmasf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dxtmsft.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\dxtrans.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eapolqec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eapp3hst.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eappcfg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.162684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eappgnui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eapphost.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eappprxy.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eapqec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eapsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\edit.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\edit.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\edlin.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\efsadu.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ega.cpi
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\els.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\emptyregdb.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\encapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\encdec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\EqnClass.Dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ersvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\es.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\esent.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\esent97.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\esentprf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\esentprf.hxx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\esentprf.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\esentutl.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eudcedit.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eula.txt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eventcls.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eventcreate.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eventlog.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eventquery.vbs
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eventtriggers.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eventvwr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\eventvwr.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\exe2bin.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\expand.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\expsrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\extmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00cba000 size => 303104 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\extrac32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\exts.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\f3ahvoas.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fastopen.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\faultrep.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fc.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fde.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fdeploy.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\feclient.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\femgrate.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\filemgmt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\find.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\findstr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\finger.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\firewall.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fixmapi.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fldrclnr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fltlib.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fltMc.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fmifs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\FNTCACHE.DAT
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fontext.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fontsub.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fontview.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\forcedos.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\format.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\framebuf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\freecell.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fsmgmt.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fsquirt.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fsusd.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fsutil.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ftp.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ftsrch.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\fwcfg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\g711codc.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\gb2312.uce
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\gcdef.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\gdi.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\gdi32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\geo.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\getmac.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\getuname.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.172684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\glmf32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\glu32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\gpedit.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\gpedit.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\gpkcsp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\gpkrsrc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\gpresult.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\gptext.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\gpupdate.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\graftabl.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\graphics.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\graphics.pro
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\grpconv.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\h323.tsp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\h323log.txt
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\h323msp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hal.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hdwwiz.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\help.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hhctrl.ocx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hhsetup.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hid.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hidphone.tsp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\himem.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hlink.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hnetcfg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hnetmon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hnetwiz.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\homepage.inf
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hostname.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hotplug.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hticons.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\html.iec
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\httpapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\htui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\hypertrm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iac25_32.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iasacct.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iasads.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iashlpr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iasnap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iaspolcy.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iasrad.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iasrecst.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iassam.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iassdo.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iassvcs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\icaapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iccvid.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\icfgnt5.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\icm32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\icmp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\icmui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\icwdial.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\icwphbk.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00d06000 size => 335872 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ideograf.uce
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\idq.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ie4uinit.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ieakeng.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ieaksie.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ieakui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iedkcs32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ieencode.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iepeers.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iernonce.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iesetup.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ieuinit.inf
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iexpress.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ifmon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ifsutil.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\igmpagnt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iissuba.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ils.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\imaadp32.acm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\imagehlp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\imapi.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\imegen.tpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\imekr61.ime
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\imeshare.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\imgutil.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\imjp81.ime
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\imjp81k.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\imm32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.182684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\inetcfg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\inetcomm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\inetcpl.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\inetcplc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\inetmib1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\inetpp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\inetppui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\inetres.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\infosoft.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\initpki.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c7a000 size => 253952 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\input.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\inseng.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\instcat.sql
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\intl.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iologmsg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipconf.tsp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipconfig.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iphlpapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipmontr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipnathlp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ippromon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iprop.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iprtprio.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iprtrmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipsec6.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipsecsnp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipsecsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipsmsnap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipv6.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipv6mon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipxmontr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipxpromn.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipxrip.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipxroute.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipxrtmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipxsap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ipxwan.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ir32_32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ir41_32.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ir41_qc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ir41_qcx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ir50_32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ir50_qc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ir50_qcx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\irclass.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\irprops.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\isign32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\isrdbg32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\itircl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\itss.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iuengine.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ivfsrc.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ixsso.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\iyuv_32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\jet500.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\jgaw400.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\jgdw400.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\jgmd400.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\jgpl400.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\jgsd400.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\jgsh400.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\jobexec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\joy.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\jschs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.192684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\jscript.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\jsproxy.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kanji_1.uce
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kanji_2.uce
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kb16.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbd101.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbd101a.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbd101b.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbd101c.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbd103.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbd106.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbd106n.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\KBDAL.DLL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdax2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdaze.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdazel.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdbe.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdbene.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdbhc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdblr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdbr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdbu.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdca.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdcan.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdcr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdcz.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdcz1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdcz2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdda.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbddv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdes.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdest.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdfc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdfi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdfi1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdfo.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdfr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdgae.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdgkl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdgr1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdhe.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdhe220.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdhe319.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdhela2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdhela3.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdhept.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdhu.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdhu1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdibm02.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdic.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdinbe1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdinben.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdinmal.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdir.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdit.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdit142.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdiultn.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdjpn.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdkaz.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdkor.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdkyr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdla.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdlk41a.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdlk41j.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdlt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdlt1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdlv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdlv1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdmac.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdmaori.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdmlt47.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdmlt48.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdmon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdne.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdnec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdnec95.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdnecAT.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdnecNT.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdnepr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdno.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdno1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdpash.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdpl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.202684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdpl1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdpo.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdro.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdru.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdru1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdsf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdsg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdsl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdsl1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdsmsfi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdsmsno.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdsp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdsw.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdtat.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdtuf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdtuq.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbduk.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdukx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdur.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdus.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdusl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdusr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdusx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbduzb.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdycc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kbdycl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kd1394.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kdcom.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kerberos.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kernel32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\key01.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\keyboard.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\keyboard.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\keymgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kmddsp.tsp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b32000 size => 24576 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b81000 size => 28672 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00266000 size => 32768 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b4a000 size => 32768 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c6d000 size => 45056 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00273000 size => 53248 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00d84000 size => 57344 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00d5a000 size => 65536 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b19000 size => 65536 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00bc4000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x012ff000 size => 73728 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b8a000 size => 86016 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00d6c000 size => 90112 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 118784 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ba5000 size => 118784 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00c43000 size => 163840 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00e11000 size => 208896 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00d94000 size => 507904 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\kmsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b78000 size => 24576 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\korean.uce
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\korwbrkr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\korwbrkr.lex
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\krnl386.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ksc.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ksproxy.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ksuser.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\l2gpstore.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\l3codeca.acm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\l3codecx.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\label.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\langwrbk.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lanman.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\laprxy.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lcphrase.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lcptr.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\licdll.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\licmgr10.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\licwmi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lights.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\linkinfo.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lmhsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lmrt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lnkstub.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\loadfix.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\loadperf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\locale.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\localsec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\localspl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\localui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\locator.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00e44000 size => 135168 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lodctr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\logagent.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\loghours.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\login.cmd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\logman.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\logoff.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\logon.scr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\logonui.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\logonui.exe.manifest
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lpk.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lpq.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.212684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lpr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lprhelp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lprmonui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lsasrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lsass.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lusrmgr.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lz32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\lzexpand.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\l_except.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\l_intl.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\magnify.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mag_hook.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00e65000 size => 86016 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\main.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\makecab.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mapi32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mapistub.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mcastmib.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mcd32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mcdsrv32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mchgrcoi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mciavi.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mciavi32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mcicda.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mciole16.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mciole32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mciqtz32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mciseq.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mciseq.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mciwave.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mciwave.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mdhcp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mdminst.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mdwmdmsp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mem.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mf3216.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mfc40.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mfc40loc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.222684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\mfc40u.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.232684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00e7c000 size => 512000 |
SUCCESS | |||
| 2017-05-22 13:07:53.232684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00ef9000 size => 40960 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\netsh.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\netshell.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\netstat.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\netui0.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\netui1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\netui2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\netus.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\netware.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\newdev.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nlhtml.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nlsfunc.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nmevtmsg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nmmkcert.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.chs
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.cht
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.deu
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.eng
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.enu
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.esn
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.fra
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.ita
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.jpn
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.kor
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.nld
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.sve
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\noise.tha
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\notepad.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\npptools.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nscompat.tlb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nslookup.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntbackup.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntdll.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.252684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntdos.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntdos404.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntdos411.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntdos412.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntdos804.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntdsapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntdsbcli.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntimage.gif
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntio.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntio404.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntio411.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntio412.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntio804.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntkrnlpa.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntlanman.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntlanui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntlanui2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntlsapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntmarta.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntmsapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntmsdba.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntmsevt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntmsmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntmsmgr.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntmsoprq.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntmssvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntoskrnl.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntprint.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntsd.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntsdexts.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntshrui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntvdm.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ntvdmd.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nusrmgr.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nw16.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nwapi16.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nwapi32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nwc.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nwc.cpl.manifest
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nwcfg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nwevent.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nwprovau.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nwscript.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\nwwks.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\oakley.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\objsel.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\occache.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ocmanage.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbc16gt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbc32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbc32gt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbcad32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbcbcp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbcconf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbcconf.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbcconf.rsp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbccp32.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.262684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbccp32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbccr32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbccu32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbcint.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbcji32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbcjt32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbcp32r.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odbctrac.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\oddbse32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odexl32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odfox32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odpdx32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\odtext32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\oembios.bin
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\oembios.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\oembios.sig
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\offfilt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ole2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ole2disp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ole2nls.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ole32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\oleacc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\oleaccrc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\oleaut32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\olecli.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\olecli32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\olecnv32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\oledlg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\oleprn.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\olepro32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\olesvr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\olesvr32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\olethk32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\onex.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\openfiles.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\opengl32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00f05000 size => 516096 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00f83000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\osk.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\osuninst.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\osuninst.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\p2p.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\p2pgasvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\p2pgraph.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\p2pnetsh.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\p2psvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\packager.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pagefileconfig.vbs
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\panmap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\paqsp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pathping.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pautoenr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pcl.sep
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pdh.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pentnt.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfc009.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfci.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfci.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfctrs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfd009.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfdisk.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perffilt.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perffilt.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfh009.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfi009.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfmon.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfmon.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfnet.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfnw.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfos.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfproc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\PerfStringBackup.INI
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfts.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfwci.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\perfwci.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\phon.ime
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\phon.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\phoncode.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\phonptr.tbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\photometadatahandler.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\photowiz.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pid.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pid.inf
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.272684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pid.PNF
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pidgen.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pifmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ping.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ping6.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\PINTLGNT.IME
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\PINTLPAD.HLP
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x001d8000 size => 4096 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0021b000 size => 12288 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00252000 size => 12288 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0023c000 size => 16384 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b12000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\PINTLPAE.HLP
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pjlmon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\plustab.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pmspl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pngfilt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pnrpnsp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\polstore.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\powercfg.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\powercfg.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\powrprof.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prc.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prcp.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prfc0804.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prfd0804.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prfh0804.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prfi0804.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prflbmsg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\print.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\printui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prncnfg.vbs
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prndrvr.vbs
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prnjobs.vbs
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prnmngr.vbs
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prnport.vbs
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prnqctl.vbs
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\proctexe.ocx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\prodspec.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\profmap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\progman.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\proquota.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\proxycfg.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\psapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\psbase.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pschdcnt.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pschdprf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pschdprf.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pscript.sep
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\psnppagn.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pstorec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pstorsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\pubprn.vbs
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\python27.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\python34.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qagent.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qagentrt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qappsrv.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qasf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qcap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qcliprov.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qdv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qdvd.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qedit.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qedwipes.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qmgrprxy.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qosname.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qprocess.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\quartz.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\query.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\quick.ime
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qutil.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\qwinsta.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\racpldlg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasadhlp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasapi32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01027000 size => 479232 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasauto.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasautou.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\raschap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasctrnm.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasctrs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasctrs.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasdial.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasdlg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasman.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasmans.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasmontr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasmxs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasphone.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasppp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.282684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasqec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasrad.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rassapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rasser.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rastapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rastls.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rcbdyctl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rcimlby.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rcp.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rdchost.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rdpcfgex.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rdpclip.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rdpdd.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rdpsnd.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rdpwsx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rdsaddin.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rdshost.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\recover.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\redir.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\reg.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\regapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\regedt32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\regini.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\regsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\regsvr32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\regwiz.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\regwizc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\relog.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\remotepg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\remotesp.tsp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rend.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\replace.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\reset.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\resutils.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rexec.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00fc5000 size => 393216 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rhttpaa.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\riched20.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\riched32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rnr20.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\romanime.ime
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\route.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\routemon.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\routetab.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rpcns4.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rpcrt4.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rpcss.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsaci.rat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsaenh.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsfsaps.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsh.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rshx32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsm.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsmps.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsmsink.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsmui.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsnotify.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsop.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsopprov.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsvp.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsvp.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsvpcnts.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsvpmsg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsvpperf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rsvpsp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rtcshare.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rtipxmib.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rtm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rtutils.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\runas.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rundll32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\runonce.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\rwinsta.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\safrcdlg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\safrdm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\safrslv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\samlib.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\samsrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sapi.cpl.manifest
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\savedump.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sbe.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sbeio.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.292684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sc.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scarddlg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scardssp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scardsvr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sccbase.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sccsccp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scecli.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scesrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\schannel.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\schedsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\schtasks.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sclgntfy.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scochs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scredir.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scriptpw.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scrnsave.scr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scrobj.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scrrnchs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\scrrun.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sdbinst.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sdhcinst.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sdpblb.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\secedit.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\seclogon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\secpol.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\secupd.dat
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\secupd.sig
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\secur32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\security.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sendcmsg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sendmail.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sens.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sensapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\senscfg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\serialui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\servdeps.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\services.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\services.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\serwvdrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sessmgr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sethc.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\setup.bmp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\setup.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\setupapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\setupdll.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\setupn.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\setver.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sfc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sfc.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sfcfiles.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sfc_os.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sfmapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shadow.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\share.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shdoclc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shdocvw.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shell.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shell32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shellstyle.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shfolder.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x010d2000 size => 364544 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shgina.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shiftjis.uce
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shimeng.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shimgvw.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shlwapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shmedia.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shmgrate.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shrpubw.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shscrap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shsvcs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\shutdown.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sigtab.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sigverif.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\simpdata.tlb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sisbkup.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\skdll.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\skeys.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\slayerxp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\slbcsp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\slbiop.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\slbrccsp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sl_anet.acm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\smbinst.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\smlogcfg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\smlogsvc.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\smss.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sndrec32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sndvol32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\snmpapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.302684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\snmpsnap.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\softpub.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sol.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sort.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sortkey.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sorttbls.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sound.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\spider.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\spiisupd.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\spnike.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\spnpinst.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\spoolss.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\spoolsv.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sprestrt.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sprio600.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sprio800.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\spxcoins.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sqlsodbc.chm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sqlsrv32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sqlsrv32.rll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sqlunirl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sqlwid.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sqlwoa.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\srclient.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\srrstr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\srsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\srvsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ss3dfo.scr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ssbezier.scr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ssdpapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ssdpsrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ssflwbox.scr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ssmarque.scr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ssmypics.scr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ssmyst.scr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sspipes.scr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ssstars.scr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sstext3d.scr
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\stclient.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\stdole2.tlb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\stdole32.tlb
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sti.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\stimon.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sti_ci.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\stobject.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\storage.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\storprop.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\streamci.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\strmdll.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\strmfilt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\subrange.uce
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\subst.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\svchost.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\svcpack.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\swprv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sxs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\syncapp.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\synceng.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\syncui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sysdm.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sysedit.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sysinv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\syskey.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sysmon.ocx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sysocmgr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sysprint.sep
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\sysprtj.sep
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\syssetup.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\system.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\systeminfo.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\systray.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\t2embed.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tapi3.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tapi32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tapiperf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.312684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tapisrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tapiui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\taskkill.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tasklist.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\taskman.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\taskmgr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tcmsetup.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tcpmib.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tcpmon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tcpmon.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tcpmonui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tcpsvcs.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tdc.ocx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\telephon.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\telnet.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\termcap
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\termmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\termsrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tftp.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\themeui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\timedate.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\timer.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\TINTLGNT.IME
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tlntadmn.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tlntsess.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tlntsvr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tlntsvrp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\toolhelp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tourstart.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tracerpt.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tracert.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tracert6.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\traffic.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tree.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\trkwks.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tsappcmp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tsbyuv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tscfgwmi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tscon.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tsd32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tsddd.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tsdiscon.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tsgqec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tskill.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tslabels.h
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tslabels.ini
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tspkg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tsshutdn.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tssoft32.acm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\twext.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\txflog.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\typelib.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\typeperf.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\tzchange.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\udhisapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ufat.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ulib.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\umandlg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\umdmxfrm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\umpnpmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\unicdime.ime
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\unicode.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0116a000 size => 516096 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x011e8000 size => 8192 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\uniime.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\unimdm.tsp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\unimdmat.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\uniplat.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\unlodctr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\untfs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\upnp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.322684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\upnpcont.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\upnphost.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\upnpui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ups.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ureg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\url.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\urlmon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usbmon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usbui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\user.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\user32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\userenv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\userinit.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usp10.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrcntra.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrcoina.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrdpa.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrdtea.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrfaxa.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrlbva.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrlogon.cmd
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrmlnka.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrprbda.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrrtosa.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrsdpia.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrshuta.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrsvpia.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrv42a.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrv80a.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrvoica.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\usrvpa.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00f86000 size => 249856 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\utildll.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\utilman.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\uxtheme.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\v7vga.rom
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vbajet32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vbicodec.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vbisurf.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxControl.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxDisp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxHook.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxMRXNP.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxOGL.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxOGLarrayspu.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxOGLcrutil.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxOGLerrorspu.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxOGLfeedbackspu.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxOGLpackspu.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxOGLpassthroughspu.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxService.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\VBoxTray.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vbschs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vbscript.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vcdex.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vdmdbg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vdmredir.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ver.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\verclsid.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\verifier.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\verifier.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\version.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vfpodbc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vga.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vga.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vga256.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vga64k.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vjoy.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vssadmin.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vssapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vssvc.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vss_ps.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vwipxspx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\vwipxspx.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\w32time.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\w32tm.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\w32topl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\w3ssl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\watchdog.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.332684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wavemsp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbcache.deu
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbcache.enu
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbcache.esn
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbcache.fra
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbcache.ita
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbcache.nld
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbcache.sve
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbdbase.deu
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbdbase.enu
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbdbase.esn
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbdbase.fra
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbdbase.ita
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbdbase.nld
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wbdbase.sve
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wdigest.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wdl.trm
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wdmaud.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\webcheck.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\webclnt.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\webfldrs.msi
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\webhits.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\webvw.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wextract.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wfwnet.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wiaacmgr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wiadefui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wiadss.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wiascr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wiaservc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wiasf.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wiashext.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wiavideo.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wiavusd.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wifeman.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\win.com
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\win32k.sys
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\win32spl.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\win87em.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINABC.CNT
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINABC.CWD
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINABC.HLP
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINABC.IME
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINABC.OVL
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winar30.ime
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winbrand.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winchat.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\windowscodecs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\windowscodecsext.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WindowsLogon.manifest
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winfax.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINGB.IME
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winhelp.hlp
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winhlp32.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winhttp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winime.ime
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0109e000 size => 176128 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01211000 size => 258048 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wininet.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winipsec.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winlogon.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winmine.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winmm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winmsd.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winnls.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winntbbu.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winoldap.mod
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINPY.IME
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINPY.MB
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winrnr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winscard.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winshfhc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01252000 size => 217088 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winsock.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINSP.IME
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINSP.MB
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winspool.drv
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winspool.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winsrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winsta.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winstrm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wintrust.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\winver.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINZM.IME
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.342684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WINZM.MB
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wkssvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wlanapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wldap32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wlnotify.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmadmod.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmadmoe.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmasf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmdmlog.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmdmps.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmerrCHS.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmerror.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmidx.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmimgmt.msc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmiprop.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmiscmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmnetmgr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmp.ocx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmpasf.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmpcd.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmpcore.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmpdxm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmphoto.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmploc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmpshell.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmpui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmsdmod.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmsdmoe.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmsdmoe2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmspdmod.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmspdmoe.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmstream.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmv8ds32.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmvcore.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmvdmod.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmvdmoe2.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wmvds32.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wow32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wowdeb.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wowexec.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wowfax.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wowfaxui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wpa.dbl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wpabaln.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wpnpinst.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\write.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ws2help.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\ws2_32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wscntfy.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wscript.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wscsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wscui.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wsecedit.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wshatm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wshbth.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wshchs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wshcon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wshext.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wship6.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wshisn.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wshnetbs.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wshom.ocx
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\WshRm.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wshtcpip.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wsnmp32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wsock32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wstdecod.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wstpager.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wstrenderer.ax
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wtsapi32.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wuapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wuauclt.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wuauclt1.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wuaucpl.cpl
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wuaucpl.cpl.manifest
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wuaueng.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wuaueng1.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wuauserv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wucltui.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wupdmgr.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wups.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wuweb.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wzcdlg.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wzcsapi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\wzcsvc.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.352684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xactsrv.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xcopy.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xenroll.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xjis.nls
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xmllite.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xmlprov.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xmlprovi.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xolehlp.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xpob2res.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xpsp1res.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xpsp2res.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\xpsp3res.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\system32\zipfldr.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\s.scf
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01289000 size => 421888 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\Temp\*.* filepath => C:\WINDOWS\Temp\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000110 information_class => 3 dirpath => C:\WINDOWS\Temp |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000110 information_class => 3 dirpath => C:\WINDOWS\Temp |
FAILURE | |||
| 2017-05-22 13:07:53.362684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\twain_32\*.* filepath => C:\WINDOWS\twain_32\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000114 information_class => 3 dirpath => C:\WINDOWS\twain_32 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000114 information_class => 3 dirpath => C:\WINDOWS\twain_32 |
FAILURE | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\WINDOWS\twain_32\wiatwain.ds
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | FindFirstFileExW |
filepath_r => C:\WINDOWS\WinSxS\*.* filepath => C:\WINDOWS\WinSxS\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000118 information_class => 3 dirpath => C:\WINDOWS\WinSxS |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0113f000 size => 167936 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0021b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x011ea000 size => 81920 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x0112d000 size => 65536 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0023e000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x01200000 size => 65536 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00252000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x012f2000 size => 32768 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00266000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000118 information_class => 3 dirpath => C:\WINDOWS\WinSxS |
FAILURE | |||
| 2017-05-22 13:07:53.362684 | FindFirstFileExW |
filepath_r => C:\wtkaxe\bin\*.* filepath => C:\wtkaxe\bin\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00268000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x0000011c information_class => 3 dirpath => C:\wtkaxe\bin |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0026a000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x010cb000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0026c000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00273000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00275000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x0000011c information_class => 3 dirpath => C:\wtkaxe\bin |
FAILURE | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\bin\cuckoomon.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\bin\cuckoomon_bson.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\bin\cuckoomon_netlog.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\bin\execsc.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\bin\inject-x64.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\bin\inject-x86.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\bin\is32bit.exe
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\bin\monitor-x64.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\bin\monitor-x86.dll
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | FindFirstFileExW |
filepath_r => C:\wtkaxe\lib\*.* filepath => C:\wtkaxe\lib\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00277000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000120 information_class => 3 dirpath => C:\wtkaxe\lib |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00279000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00275000 size => 24576 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00275000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00269000 size => 20480 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 8192 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x00269000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000120 information_class => 3 dirpath => C:\wtkaxe\lib |
FAILURE | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\lib\__init__.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\lib\__init__.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | FindFirstFileExW |
filepath_r => C:\wtkaxe\modules\*.* filepath => C:\wtkaxe\modules\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000124 information_class => 3 dirpath => C:\wtkaxe\modules |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtFreeVirtualMemory |
free_type => 16384 process_handle => 0xffffffff base_address => 0x00b59000 size => 69632 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtAllocateVirtualMemory |
region_size => 12288 protection => 4 process_handle => 0xffffffff allocation_type => 4096 base_address => 0x0026b000 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000124 information_class => 3 dirpath => C:\wtkaxe\modules |
FAILURE | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\modules\__init__.py
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | WriteConsoleA |
buffer => C:\wtkaxe\modules\__init__.pyc
console_handle => 0x00000007 |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | FindFirstFileExW |
filepath_r => C:\Documents and Settings\All Users\Favorites\*.* filepath => C:\Documents and Settings\All Users\Favorites\*.* |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000128 information_class => 3 dirpath => C:\Documents and Settings\All Users\Favorites |
SUCCESS | |||
| 2017-05-22 13:07:53.362684 | NtQueryDirectoryFile |
file_handle => 0x00000128 information_class => 3 dirpath => C:\Documents and Settings\All Users\Favorites |
FAILURE |